aws-sdk-securityhub 1.95.0 → 1.97.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-securityhub/client.rb +1672 -29
- data/lib/aws-sdk-securityhub/client_api.rb +593 -0
- data/lib/aws-sdk-securityhub/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-securityhub/endpoints.rb +168 -0
- data/lib/aws-sdk-securityhub/errors.rb +21 -0
- data/lib/aws-sdk-securityhub/plugins/endpoints.rb +24 -0
- data/lib/aws-sdk-securityhub/types.rb +1681 -57
- data/lib/aws-sdk-securityhub.rb +1 -1
- metadata +2 -2
@@ -845,10 +845,14 @@ module Aws::SecurityHub
|
|
845
845
|
# resp.rules[0].criteria.confidence[0].gte #=> Float
|
846
846
|
# resp.rules[0].criteria.confidence[0].lte #=> Float
|
847
847
|
# resp.rules[0].criteria.confidence[0].eq #=> Float
|
848
|
+
# resp.rules[0].criteria.confidence[0].gt #=> Float
|
849
|
+
# resp.rules[0].criteria.confidence[0].lt #=> Float
|
848
850
|
# resp.rules[0].criteria.criticality #=> Array
|
849
851
|
# resp.rules[0].criteria.criticality[0].gte #=> Float
|
850
852
|
# resp.rules[0].criteria.criticality[0].lte #=> Float
|
851
853
|
# resp.rules[0].criteria.criticality[0].eq #=> Float
|
854
|
+
# resp.rules[0].criteria.criticality[0].gt #=> Float
|
855
|
+
# resp.rules[0].criteria.criticality[0].lt #=> Float
|
852
856
|
# resp.rules[0].criteria.title #=> Array
|
853
857
|
# resp.rules[0].criteria.title[0].value #=> String
|
854
858
|
# resp.rules[0].criteria.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
@@ -926,6 +930,15 @@ module Aws::SecurityHub
|
|
926
930
|
# resp.rules[0].criteria.user_defined_fields[0].key #=> String
|
927
931
|
# resp.rules[0].criteria.user_defined_fields[0].value #=> String
|
928
932
|
# resp.rules[0].criteria.user_defined_fields[0].comparison #=> String, one of "EQUALS", "NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
933
|
+
# resp.rules[0].criteria.resource_application_arn #=> Array
|
934
|
+
# resp.rules[0].criteria.resource_application_arn[0].value #=> String
|
935
|
+
# resp.rules[0].criteria.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
936
|
+
# resp.rules[0].criteria.resource_application_name #=> Array
|
937
|
+
# resp.rules[0].criteria.resource_application_name[0].value #=> String
|
938
|
+
# resp.rules[0].criteria.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
939
|
+
# resp.rules[0].criteria.aws_account_name #=> Array
|
940
|
+
# resp.rules[0].criteria.aws_account_name[0].value #=> String
|
941
|
+
# resp.rules[0].criteria.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
929
942
|
# resp.rules[0].actions #=> Array
|
930
943
|
# resp.rules[0].actions[0].type #=> String, one of "FINDING_FIELDS_UPDATE"
|
931
944
|
# resp.rules[0].actions[0].finding_fields_update.note.text #=> String
|
@@ -961,6 +974,108 @@ module Aws::SecurityHub
|
|
961
974
|
req.send_request(options)
|
962
975
|
end
|
963
976
|
|
977
|
+
# Returns associations between an Security Hub configuration and a batch
|
978
|
+
# of target accounts, organizational units, or the root. Only the
|
979
|
+
# Security Hub delegated administrator can invoke this operation from
|
980
|
+
# the home Region. A configuration can refer to a configuration policy
|
981
|
+
# or to a self-managed configuration.
|
982
|
+
#
|
983
|
+
# @option params [required, Array<Types::ConfigurationPolicyAssociation>] :configuration_policy_association_identifiers
|
984
|
+
# Specifies one or more target account IDs, organizational unit (OU)
|
985
|
+
# IDs, or the root ID to retrieve associations for.
|
986
|
+
#
|
987
|
+
# @return [Types::BatchGetConfigurationPolicyAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
988
|
+
#
|
989
|
+
# * {Types::BatchGetConfigurationPolicyAssociationsResponse#configuration_policy_associations #configuration_policy_associations} => Array<Types::ConfigurationPolicyAssociationSummary>
|
990
|
+
# * {Types::BatchGetConfigurationPolicyAssociationsResponse#unprocessed_configuration_policy_associations #unprocessed_configuration_policy_associations} => Array<Types::UnprocessedConfigurationPolicyAssociation>
|
991
|
+
#
|
992
|
+
#
|
993
|
+
# @example Example: To get configuration associations for a batch of targets
|
994
|
+
#
|
995
|
+
# # This operation provides details about configuration associations for a batch of target accounts, organizational units,
|
996
|
+
# # or the root.
|
997
|
+
#
|
998
|
+
# resp = client.batch_get_configuration_policy_associations({
|
999
|
+
# configuration_policy_association_identifiers: [
|
1000
|
+
# {
|
1001
|
+
# target: {
|
1002
|
+
# account_id: "111122223333",
|
1003
|
+
# },
|
1004
|
+
# },
|
1005
|
+
# {
|
1006
|
+
# target: {
|
1007
|
+
# root_id: "r-f6g7h8i9j0example",
|
1008
|
+
# },
|
1009
|
+
# },
|
1010
|
+
# ],
|
1011
|
+
# })
|
1012
|
+
#
|
1013
|
+
# resp.to_h outputs the following:
|
1014
|
+
# {
|
1015
|
+
# configuration_policy_associations: [
|
1016
|
+
# {
|
1017
|
+
# association_status: "SUCCESS",
|
1018
|
+
# association_status_message: "This field is only populated for a failed association",
|
1019
|
+
# association_type: "INHERITED",
|
1020
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
1021
|
+
# target_id: "111122223333",
|
1022
|
+
# target_type: "ACCOUNT",
|
1023
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
1024
|
+
# },
|
1025
|
+
# ],
|
1026
|
+
# unprocessed_configuration_policy_associations: [
|
1027
|
+
# {
|
1028
|
+
# configuration_policy_association_identifiers: {
|
1029
|
+
# target: {
|
1030
|
+
# root_id: "r-f6g7h8i9j0example",
|
1031
|
+
# },
|
1032
|
+
# },
|
1033
|
+
# error_code: "400",
|
1034
|
+
# error_reason: "You do not have sufficient access to perform this action.",
|
1035
|
+
# },
|
1036
|
+
# ],
|
1037
|
+
# }
|
1038
|
+
#
|
1039
|
+
# @example Request syntax with placeholder values
|
1040
|
+
#
|
1041
|
+
# resp = client.batch_get_configuration_policy_associations({
|
1042
|
+
# configuration_policy_association_identifiers: [ # required
|
1043
|
+
# {
|
1044
|
+
# target: {
|
1045
|
+
# account_id: "NonEmptyString",
|
1046
|
+
# organizational_unit_id: "NonEmptyString",
|
1047
|
+
# root_id: "NonEmptyString",
|
1048
|
+
# },
|
1049
|
+
# },
|
1050
|
+
# ],
|
1051
|
+
# })
|
1052
|
+
#
|
1053
|
+
# @example Response structure
|
1054
|
+
#
|
1055
|
+
# resp.configuration_policy_associations #=> Array
|
1056
|
+
# resp.configuration_policy_associations[0].configuration_policy_id #=> String
|
1057
|
+
# resp.configuration_policy_associations[0].target_id #=> String
|
1058
|
+
# resp.configuration_policy_associations[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
1059
|
+
# resp.configuration_policy_associations[0].association_type #=> String, one of "INHERITED", "APPLIED"
|
1060
|
+
# resp.configuration_policy_associations[0].updated_at #=> Time
|
1061
|
+
# resp.configuration_policy_associations[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
1062
|
+
# resp.configuration_policy_associations[0].association_status_message #=> String
|
1063
|
+
# resp.unprocessed_configuration_policy_associations #=> Array
|
1064
|
+
# resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.account_id #=> String
|
1065
|
+
# resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.organizational_unit_id #=> String
|
1066
|
+
# resp.unprocessed_configuration_policy_associations[0].configuration_policy_association_identifiers.target.root_id #=> String
|
1067
|
+
# resp.unprocessed_configuration_policy_associations[0].error_code #=> String
|
1068
|
+
# resp.unprocessed_configuration_policy_associations[0].error_reason #=> String
|
1069
|
+
#
|
1070
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetConfigurationPolicyAssociations AWS API Documentation
|
1071
|
+
#
|
1072
|
+
# @overload batch_get_configuration_policy_associations(params = {})
|
1073
|
+
# @param [Hash] params ({})
|
1074
|
+
def batch_get_configuration_policy_associations(params = {}, options = {})
|
1075
|
+
req = build_request(:batch_get_configuration_policy_associations, params)
|
1076
|
+
req.send_request(options)
|
1077
|
+
end
|
1078
|
+
|
964
1079
|
# Provides details about a batch of security controls for the current
|
965
1080
|
# Amazon Web Services account and Amazon Web Services Region.
|
966
1081
|
#
|
@@ -991,21 +1106,41 @@ module Aws::SecurityHub
|
|
991
1106
|
# security_controls: [
|
992
1107
|
# {
|
993
1108
|
# description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
|
1109
|
+
# last_update_reason: "Stayed with default value",
|
1110
|
+
# parameters: {
|
1111
|
+
# "daysToExpiration" => {
|
1112
|
+
# value: {
|
1113
|
+
# integer: 30,
|
1114
|
+
# },
|
1115
|
+
# value_type: "DEFAULT",
|
1116
|
+
# },
|
1117
|
+
# },
|
994
1118
|
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
|
995
1119
|
# security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1",
|
996
1120
|
# security_control_id: "ACM.1",
|
997
1121
|
# security_control_status: "ENABLED",
|
998
1122
|
# severity_rating: "MEDIUM",
|
999
1123
|
# title: "Imported and ACM-issued certificates should be renewed after a specified time period",
|
1124
|
+
# update_status: "UPDATING",
|
1000
1125
|
# },
|
1001
1126
|
# {
|
1002
1127
|
# description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
|
1128
|
+
# last_update_reason: "Updated control parameters to comply with internal requirements",
|
1129
|
+
# parameters: {
|
1130
|
+
# "loggingLevel" => {
|
1131
|
+
# value: {
|
1132
|
+
# enum: "ERROR",
|
1133
|
+
# },
|
1134
|
+
# value_type: "CUSTOM",
|
1135
|
+
# },
|
1136
|
+
# },
|
1003
1137
|
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
|
1004
1138
|
# security_control_arn: "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1",
|
1005
1139
|
# security_control_id: "APIGateway.1",
|
1006
1140
|
# security_control_status: "ENABLED",
|
1007
1141
|
# severity_rating: "MEDIUM",
|
1008
1142
|
# title: "API Gateway REST and WebSocket API execution logging should be enabled",
|
1143
|
+
# update_status: "UPDATING",
|
1009
1144
|
# },
|
1010
1145
|
# ],
|
1011
1146
|
# }
|
@@ -1026,6 +1161,21 @@ module Aws::SecurityHub
|
|
1026
1161
|
# resp.security_controls[0].remediation_url #=> String
|
1027
1162
|
# resp.security_controls[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
1028
1163
|
# resp.security_controls[0].security_control_status #=> String, one of "ENABLED", "DISABLED"
|
1164
|
+
# resp.security_controls[0].update_status #=> String, one of "READY", "UPDATING"
|
1165
|
+
# resp.security_controls[0].parameters #=> Hash
|
1166
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
|
1167
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.integer #=> Integer
|
1168
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.integer_list #=> Array
|
1169
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
|
1170
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.double #=> Float
|
1171
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.string #=> String
|
1172
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.string_list #=> Array
|
1173
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.string_list[0] #=> String
|
1174
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.boolean #=> Boolean
|
1175
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.enum #=> String
|
1176
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.enum_list #=> Array
|
1177
|
+
# resp.security_controls[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
|
1178
|
+
# resp.security_controls[0].last_update_reason #=> String
|
1029
1179
|
# resp.unprocessed_ids #=> Array
|
1030
1180
|
# resp.unprocessed_ids[0].security_control_id #=> String
|
1031
1181
|
# resp.unprocessed_ids[0].error_code #=> String, one of "INVALID_INPUT", "ACCESS_DENIED", "NOT_FOUND", "LIMIT_EXCEEDED"
|
@@ -1403,6 +1553,8 @@ module Aws::SecurityHub
|
|
1403
1553
|
# gte: 1.0,
|
1404
1554
|
# lte: 1.0,
|
1405
1555
|
# eq: 1.0,
|
1556
|
+
# gt: 1.0,
|
1557
|
+
# lt: 1.0,
|
1406
1558
|
# },
|
1407
1559
|
# ],
|
1408
1560
|
# criticality: [
|
@@ -1410,6 +1562,8 @@ module Aws::SecurityHub
|
|
1410
1562
|
# gte: 1.0,
|
1411
1563
|
# lte: 1.0,
|
1412
1564
|
# eq: 1.0,
|
1565
|
+
# gt: 1.0,
|
1566
|
+
# lt: 1.0,
|
1413
1567
|
# },
|
1414
1568
|
# ],
|
1415
1569
|
# title: [
|
@@ -1563,6 +1717,24 @@ module Aws::SecurityHub
|
|
1563
1717
|
# comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
1564
1718
|
# },
|
1565
1719
|
# ],
|
1720
|
+
# resource_application_arn: [
|
1721
|
+
# {
|
1722
|
+
# value: "NonEmptyString",
|
1723
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
1724
|
+
# },
|
1725
|
+
# ],
|
1726
|
+
# resource_application_name: [
|
1727
|
+
# {
|
1728
|
+
# value: "NonEmptyString",
|
1729
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
1730
|
+
# },
|
1731
|
+
# ],
|
1732
|
+
# aws_account_name: [
|
1733
|
+
# {
|
1734
|
+
# value: "NonEmptyString",
|
1735
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
1736
|
+
# },
|
1737
|
+
# ],
|
1566
1738
|
# },
|
1567
1739
|
# actions: [
|
1568
1740
|
# {
|
@@ -1992,7 +2164,7 @@ module Aws::SecurityHub
|
|
1992
2164
|
# Creates an automation rule based on input parameters.
|
1993
2165
|
#
|
1994
2166
|
# @option params [Hash<String,String>] :tags
|
1995
|
-
# User-defined tags
|
2167
|
+
# User-defined tags associated with an automation rule.
|
1996
2168
|
#
|
1997
2169
|
# @option params [String] :rule_status
|
1998
2170
|
# Whether the rule is active after it is created. If this parameter is
|
@@ -2192,6 +2364,8 @@ module Aws::SecurityHub
|
|
2192
2364
|
# gte: 1.0,
|
2193
2365
|
# lte: 1.0,
|
2194
2366
|
# eq: 1.0,
|
2367
|
+
# gt: 1.0,
|
2368
|
+
# lt: 1.0,
|
2195
2369
|
# },
|
2196
2370
|
# ],
|
2197
2371
|
# criticality: [
|
@@ -2199,6 +2373,8 @@ module Aws::SecurityHub
|
|
2199
2373
|
# gte: 1.0,
|
2200
2374
|
# lte: 1.0,
|
2201
2375
|
# eq: 1.0,
|
2376
|
+
# gt: 1.0,
|
2377
|
+
# lt: 1.0,
|
2202
2378
|
# },
|
2203
2379
|
# ],
|
2204
2380
|
# title: [
|
@@ -2352,6 +2528,24 @@ module Aws::SecurityHub
|
|
2352
2528
|
# comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
2353
2529
|
# },
|
2354
2530
|
# ],
|
2531
|
+
# resource_application_arn: [
|
2532
|
+
# {
|
2533
|
+
# value: "NonEmptyString",
|
2534
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
2535
|
+
# },
|
2536
|
+
# ],
|
2537
|
+
# resource_application_name: [
|
2538
|
+
# {
|
2539
|
+
# value: "NonEmptyString",
|
2540
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
2541
|
+
# },
|
2542
|
+
# ],
|
2543
|
+
# aws_account_name: [
|
2544
|
+
# {
|
2545
|
+
# value: "NonEmptyString",
|
2546
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
2547
|
+
# },
|
2548
|
+
# ],
|
2355
2549
|
# },
|
2356
2550
|
# actions: [ # required
|
2357
2551
|
# {
|
@@ -2400,6 +2594,200 @@ module Aws::SecurityHub
|
|
2400
2594
|
req.send_request(options)
|
2401
2595
|
end
|
2402
2596
|
|
2597
|
+
# Creates a configuration policy with the defined configuration. Only
|
2598
|
+
# the Security Hub delegated administrator can invoke this operation
|
2599
|
+
# from the home Region.
|
2600
|
+
#
|
2601
|
+
# @option params [required, String] :name
|
2602
|
+
# The name of the configuration policy.
|
2603
|
+
#
|
2604
|
+
# @option params [String] :description
|
2605
|
+
# The description of the configuration policy.
|
2606
|
+
#
|
2607
|
+
# @option params [required, Types::Policy] :configuration_policy
|
2608
|
+
# An object that defines how Security Hub is configured. It includes
|
2609
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
2610
|
+
# security standards, a list of enabled or disabled security controls,
|
2611
|
+
# and a list of custom parameter values for specified controls. If you
|
2612
|
+
# provide a list of security controls that are enabled in the
|
2613
|
+
# configuration policy, Security Hub disables all other controls
|
2614
|
+
# (including newly released controls). If you provide a list of security
|
2615
|
+
# controls that are disabled in the configuration policy, Security Hub
|
2616
|
+
# enables all other controls (including newly released controls).
|
2617
|
+
#
|
2618
|
+
# @option params [Hash<String,String>] :tags
|
2619
|
+
# User-defined tags associated with a configuration policy. For more
|
2620
|
+
# information, see [Tagging Security Hub resources][1] in the *Security
|
2621
|
+
# Hub user guide*.
|
2622
|
+
#
|
2623
|
+
#
|
2624
|
+
#
|
2625
|
+
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html
|
2626
|
+
#
|
2627
|
+
# @return [Types::CreateConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2628
|
+
#
|
2629
|
+
# * {Types::CreateConfigurationPolicyResponse#arn #arn} => String
|
2630
|
+
# * {Types::CreateConfigurationPolicyResponse#id #id} => String
|
2631
|
+
# * {Types::CreateConfigurationPolicyResponse#name #name} => String
|
2632
|
+
# * {Types::CreateConfigurationPolicyResponse#description #description} => String
|
2633
|
+
# * {Types::CreateConfigurationPolicyResponse#updated_at #updated_at} => Time
|
2634
|
+
# * {Types::CreateConfigurationPolicyResponse#created_at #created_at} => Time
|
2635
|
+
# * {Types::CreateConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
|
2636
|
+
#
|
2637
|
+
#
|
2638
|
+
# @example Example: To create a configuration policy
|
2639
|
+
#
|
2640
|
+
# # This operation creates a configuration policy in Security Hub.
|
2641
|
+
#
|
2642
|
+
# resp = client.create_configuration_policy({
|
2643
|
+
# configuration_policy: {
|
2644
|
+
# security_hub: {
|
2645
|
+
# enabled_standard_identifiers: [
|
2646
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
2647
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
2648
|
+
# ],
|
2649
|
+
# security_controls_configuration: {
|
2650
|
+
# disabled_security_control_identifiers: [
|
2651
|
+
# "CloudWatch.1",
|
2652
|
+
# ],
|
2653
|
+
# security_control_custom_parameters: [
|
2654
|
+
# {
|
2655
|
+
# parameters: {
|
2656
|
+
# "daysToExpiration" => {
|
2657
|
+
# value: {
|
2658
|
+
# integer: 14,
|
2659
|
+
# },
|
2660
|
+
# value_type: "CUSTOM",
|
2661
|
+
# },
|
2662
|
+
# },
|
2663
|
+
# security_control_id: "ACM.1",
|
2664
|
+
# },
|
2665
|
+
# ],
|
2666
|
+
# },
|
2667
|
+
# service_enabled: true,
|
2668
|
+
# },
|
2669
|
+
# },
|
2670
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
2671
|
+
# name: "TestConfigurationPolicy",
|
2672
|
+
# })
|
2673
|
+
#
|
2674
|
+
# resp.to_h outputs the following:
|
2675
|
+
# {
|
2676
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
2677
|
+
# configuration_policy: {
|
2678
|
+
# security_hub: {
|
2679
|
+
# enabled_standard_identifiers: [
|
2680
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
2681
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
2682
|
+
# ],
|
2683
|
+
# security_controls_configuration: {
|
2684
|
+
# disabled_security_control_identifiers: [
|
2685
|
+
# "CloudWatch.1",
|
2686
|
+
# ],
|
2687
|
+
# security_control_custom_parameters: [
|
2688
|
+
# {
|
2689
|
+
# parameters: {
|
2690
|
+
# "daysToExpiration" => {
|
2691
|
+
# value: {
|
2692
|
+
# integer: 14,
|
2693
|
+
# },
|
2694
|
+
# value_type: "CUSTOM",
|
2695
|
+
# },
|
2696
|
+
# },
|
2697
|
+
# security_control_id: "ACM.1",
|
2698
|
+
# },
|
2699
|
+
# ],
|
2700
|
+
# },
|
2701
|
+
# service_enabled: true,
|
2702
|
+
# },
|
2703
|
+
# },
|
2704
|
+
# created_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
2705
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
2706
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
2707
|
+
# name: "TestConfigurationPolicy",
|
2708
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
2709
|
+
# }
|
2710
|
+
#
|
2711
|
+
# @example Request syntax with placeholder values
|
2712
|
+
#
|
2713
|
+
# resp = client.create_configuration_policy({
|
2714
|
+
# name: "NonEmptyString", # required
|
2715
|
+
# description: "NonEmptyString",
|
2716
|
+
# configuration_policy: { # required
|
2717
|
+
# security_hub: {
|
2718
|
+
# service_enabled: false,
|
2719
|
+
# enabled_standard_identifiers: ["NonEmptyString"],
|
2720
|
+
# security_controls_configuration: {
|
2721
|
+
# enabled_security_control_identifiers: ["NonEmptyString"],
|
2722
|
+
# disabled_security_control_identifiers: ["NonEmptyString"],
|
2723
|
+
# security_control_custom_parameters: [
|
2724
|
+
# {
|
2725
|
+
# security_control_id: "NonEmptyString",
|
2726
|
+
# parameters: {
|
2727
|
+
# "NonEmptyString" => {
|
2728
|
+
# value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
|
2729
|
+
# value: {
|
2730
|
+
# integer: 1,
|
2731
|
+
# integer_list: [1],
|
2732
|
+
# double: 1.0,
|
2733
|
+
# string: "NonEmptyString",
|
2734
|
+
# string_list: ["NonEmptyString"],
|
2735
|
+
# boolean: false,
|
2736
|
+
# enum: "NonEmptyString",
|
2737
|
+
# enum_list: ["NonEmptyString"],
|
2738
|
+
# },
|
2739
|
+
# },
|
2740
|
+
# },
|
2741
|
+
# },
|
2742
|
+
# ],
|
2743
|
+
# },
|
2744
|
+
# },
|
2745
|
+
# },
|
2746
|
+
# tags: {
|
2747
|
+
# "TagKey" => "TagValue",
|
2748
|
+
# },
|
2749
|
+
# })
|
2750
|
+
#
|
2751
|
+
# @example Response structure
|
2752
|
+
#
|
2753
|
+
# resp.arn #=> String
|
2754
|
+
# resp.id #=> String
|
2755
|
+
# resp.name #=> String
|
2756
|
+
# resp.description #=> String
|
2757
|
+
# resp.updated_at #=> Time
|
2758
|
+
# resp.created_at #=> Time
|
2759
|
+
# resp.configuration_policy.security_hub.service_enabled #=> Boolean
|
2760
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
|
2761
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
|
2762
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
|
2763
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
|
2764
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
|
2765
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
|
2766
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
|
2767
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
|
2768
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
|
2769
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
|
2770
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
|
2771
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
|
2772
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
|
2773
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
|
2774
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
|
2775
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
|
2776
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
|
2777
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
|
2778
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
|
2779
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
|
2780
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
|
2781
|
+
#
|
2782
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateConfigurationPolicy AWS API Documentation
|
2783
|
+
#
|
2784
|
+
# @overload create_configuration_policy(params = {})
|
2785
|
+
# @param [Hash] params ({})
|
2786
|
+
def create_configuration_policy(params = {}, options = {})
|
2787
|
+
req = build_request(:create_configuration_policy, params)
|
2788
|
+
req.send_request(options)
|
2789
|
+
end
|
2790
|
+
|
2403
2791
|
# Used to enable finding aggregation. Must be called from the
|
2404
2792
|
# aggregation Region.
|
2405
2793
|
#
|
@@ -2641,6 +3029,8 @@ module Aws::SecurityHub
|
|
2641
3029
|
# gte: 1.0,
|
2642
3030
|
# lte: 1.0,
|
2643
3031
|
# eq: 1.0,
|
3032
|
+
# gt: 1.0,
|
3033
|
+
# lt: 1.0,
|
2644
3034
|
# },
|
2645
3035
|
# ],
|
2646
3036
|
# severity_normalized: [
|
@@ -2648,6 +3038,8 @@ module Aws::SecurityHub
|
|
2648
3038
|
# gte: 1.0,
|
2649
3039
|
# lte: 1.0,
|
2650
3040
|
# eq: 1.0,
|
3041
|
+
# gt: 1.0,
|
3042
|
+
# lt: 1.0,
|
2651
3043
|
# },
|
2652
3044
|
# ],
|
2653
3045
|
# severity_label: [
|
@@ -2661,6 +3053,8 @@ module Aws::SecurityHub
|
|
2661
3053
|
# gte: 1.0,
|
2662
3054
|
# lte: 1.0,
|
2663
3055
|
# eq: 1.0,
|
3056
|
+
# gt: 1.0,
|
3057
|
+
# lt: 1.0,
|
2664
3058
|
# },
|
2665
3059
|
# ],
|
2666
3060
|
# criticality: [
|
@@ -2668,6 +3062,8 @@ module Aws::SecurityHub
|
|
2668
3062
|
# gte: 1.0,
|
2669
3063
|
# lte: 1.0,
|
2670
3064
|
# eq: 1.0,
|
3065
|
+
# gt: 1.0,
|
3066
|
+
# lt: 1.0,
|
2671
3067
|
# },
|
2672
3068
|
# ],
|
2673
3069
|
# title: [
|
@@ -2771,6 +3167,8 @@ module Aws::SecurityHub
|
|
2771
3167
|
# gte: 1.0,
|
2772
3168
|
# lte: 1.0,
|
2773
3169
|
# eq: 1.0,
|
3170
|
+
# gt: 1.0,
|
3171
|
+
# lt: 1.0,
|
2774
3172
|
# },
|
2775
3173
|
# ],
|
2776
3174
|
# network_source_domain: [
|
@@ -2800,6 +3198,8 @@ module Aws::SecurityHub
|
|
2800
3198
|
# gte: 1.0,
|
2801
3199
|
# lte: 1.0,
|
2802
3200
|
# eq: 1.0,
|
3201
|
+
# gt: 1.0,
|
3202
|
+
# lt: 1.0,
|
2803
3203
|
# },
|
2804
3204
|
# ],
|
2805
3205
|
# network_destination_domain: [
|
@@ -2825,6 +3225,8 @@ module Aws::SecurityHub
|
|
2825
3225
|
# gte: 1.0,
|
2826
3226
|
# lte: 1.0,
|
2827
3227
|
# eq: 1.0,
|
3228
|
+
# gt: 1.0,
|
3229
|
+
# lt: 1.0,
|
2828
3230
|
# },
|
2829
3231
|
# ],
|
2830
3232
|
# process_parent_pid: [
|
@@ -2832,6 +3234,8 @@ module Aws::SecurityHub
|
|
2832
3234
|
# gte: 1.0,
|
2833
3235
|
# lte: 1.0,
|
2834
3236
|
# eq: 1.0,
|
3237
|
+
# gt: 1.0,
|
3238
|
+
# lt: 1.0,
|
2835
3239
|
# },
|
2836
3240
|
# ],
|
2837
3241
|
# process_launched_at: [
|
@@ -3136,6 +3540,8 @@ module Aws::SecurityHub
|
|
3136
3540
|
# gte: 1.0,
|
3137
3541
|
# lte: 1.0,
|
3138
3542
|
# eq: 1.0,
|
3543
|
+
# gt: 1.0,
|
3544
|
+
# lt: 1.0,
|
3139
3545
|
# },
|
3140
3546
|
# ],
|
3141
3547
|
# finding_provider_fields_criticality: [
|
@@ -3143,6 +3549,8 @@ module Aws::SecurityHub
|
|
3143
3549
|
# gte: 1.0,
|
3144
3550
|
# lte: 1.0,
|
3145
3551
|
# eq: 1.0,
|
3552
|
+
# gt: 1.0,
|
3553
|
+
# lt: 1.0,
|
3146
3554
|
# },
|
3147
3555
|
# ],
|
3148
3556
|
# finding_provider_fields_related_findings_id: [
|
@@ -3192,6 +3600,48 @@ module Aws::SecurityHub
|
|
3192
3600
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3193
3601
|
# },
|
3194
3602
|
# ],
|
3603
|
+
# vulnerabilities_exploit_available: [
|
3604
|
+
# {
|
3605
|
+
# value: "NonEmptyString",
|
3606
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3607
|
+
# },
|
3608
|
+
# ],
|
3609
|
+
# vulnerabilities_fix_available: [
|
3610
|
+
# {
|
3611
|
+
# value: "NonEmptyString",
|
3612
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3613
|
+
# },
|
3614
|
+
# ],
|
3615
|
+
# compliance_security_control_parameters_name: [
|
3616
|
+
# {
|
3617
|
+
# value: "NonEmptyString",
|
3618
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3619
|
+
# },
|
3620
|
+
# ],
|
3621
|
+
# compliance_security_control_parameters_value: [
|
3622
|
+
# {
|
3623
|
+
# value: "NonEmptyString",
|
3624
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3625
|
+
# },
|
3626
|
+
# ],
|
3627
|
+
# aws_account_name: [
|
3628
|
+
# {
|
3629
|
+
# value: "NonEmptyString",
|
3630
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3631
|
+
# },
|
3632
|
+
# ],
|
3633
|
+
# resource_application_name: [
|
3634
|
+
# {
|
3635
|
+
# value: "NonEmptyString",
|
3636
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3637
|
+
# },
|
3638
|
+
# ],
|
3639
|
+
# resource_application_arn: [
|
3640
|
+
# {
|
3641
|
+
# value: "NonEmptyString",
|
3642
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
3643
|
+
# },
|
3644
|
+
# ],
|
3195
3645
|
# },
|
3196
3646
|
# group_by_attribute: "NonEmptyString", # required
|
3197
3647
|
# })
|
@@ -3420,6 +3870,42 @@ module Aws::SecurityHub
|
|
3420
3870
|
req.send_request(options)
|
3421
3871
|
end
|
3422
3872
|
|
3873
|
+
# Deletes a configuration policy. Only the Security Hub delegated
|
3874
|
+
# administrator can invoke this operation from the home Region. For the
|
3875
|
+
# deletion to succeed, you must first disassociate a configuration
|
3876
|
+
# policy from target accounts, organizational units, or the root by
|
3877
|
+
# invoking the `StartConfigurationPolicyDisassociation` operation.
|
3878
|
+
#
|
3879
|
+
# @option params [required, String] :identifier
|
3880
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
3881
|
+
# of the configuration policy.
|
3882
|
+
#
|
3883
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
3884
|
+
#
|
3885
|
+
#
|
3886
|
+
# @example Example: To delete a configuration policy
|
3887
|
+
#
|
3888
|
+
# # This operation deletes the specified configuration policy.
|
3889
|
+
#
|
3890
|
+
# resp = client.delete_configuration_policy({
|
3891
|
+
# identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
3892
|
+
# })
|
3893
|
+
#
|
3894
|
+
# @example Request syntax with placeholder values
|
3895
|
+
#
|
3896
|
+
# resp = client.delete_configuration_policy({
|
3897
|
+
# identifier: "NonEmptyString", # required
|
3898
|
+
# })
|
3899
|
+
#
|
3900
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteConfigurationPolicy AWS API Documentation
|
3901
|
+
#
|
3902
|
+
# @overload delete_configuration_policy(params = {})
|
3903
|
+
# @param [Hash] params ({})
|
3904
|
+
def delete_configuration_policy(params = {}, options = {})
|
3905
|
+
req = build_request(:delete_configuration_policy, params)
|
3906
|
+
req.send_request(options)
|
3907
|
+
end
|
3908
|
+
|
3423
3909
|
# Deletes a finding aggregator. When you delete the finding aggregator,
|
3424
3910
|
# you stop finding aggregation.
|
3425
3911
|
#
|
@@ -3739,29 +4225,35 @@ module Aws::SecurityHub
|
|
3739
4225
|
req.send_request(options)
|
3740
4226
|
end
|
3741
4227
|
|
3742
|
-
# Returns information about the
|
3743
|
-
# Hub.
|
4228
|
+
# Returns information about the way your organization is configured in
|
4229
|
+
# Security Hub. Only the Security Hub administrator account can invoke
|
4230
|
+
# this operation.
|
3744
4231
|
#
|
3745
4232
|
# @return [Types::DescribeOrganizationConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3746
4233
|
#
|
3747
4234
|
# * {Types::DescribeOrganizationConfigurationResponse#auto_enable #auto_enable} => Boolean
|
3748
4235
|
# * {Types::DescribeOrganizationConfigurationResponse#member_account_limit_reached #member_account_limit_reached} => Boolean
|
3749
4236
|
# * {Types::DescribeOrganizationConfigurationResponse#auto_enable_standards #auto_enable_standards} => String
|
4237
|
+
# * {Types::DescribeOrganizationConfigurationResponse#organization_configuration #organization_configuration} => Types::OrganizationConfiguration
|
3750
4238
|
#
|
3751
4239
|
#
|
3752
|
-
# @example Example: To get information about
|
4240
|
+
# @example Example: To get information about organization configuration
|
3753
4241
|
#
|
3754
|
-
# #
|
3755
|
-
# #
|
4242
|
+
# # This operation provides information about the way your organization is configured in Security Hub. Only a Security Hub
|
4243
|
+
# # administrator account can invoke this operation.
|
3756
4244
|
#
|
3757
4245
|
# resp = client.describe_organization_configuration({
|
3758
4246
|
# })
|
3759
4247
|
#
|
3760
4248
|
# resp.to_h outputs the following:
|
3761
4249
|
# {
|
3762
|
-
# auto_enable:
|
3763
|
-
# auto_enable_standards: "
|
3764
|
-
# member_account_limit_reached:
|
4250
|
+
# auto_enable: false,
|
4251
|
+
# auto_enable_standards: "NONE",
|
4252
|
+
# member_account_limit_reached: false,
|
4253
|
+
# organization_configuration: {
|
4254
|
+
# configuration_type: "CENTRAL",
|
4255
|
+
# status: "ENABLED",
|
4256
|
+
# },
|
3765
4257
|
# }
|
3766
4258
|
#
|
3767
4259
|
# @example Response structure
|
@@ -3769,6 +4261,9 @@ module Aws::SecurityHub
|
|
3769
4261
|
# resp.auto_enable #=> Boolean
|
3770
4262
|
# resp.member_account_limit_reached #=> Boolean
|
3771
4263
|
# resp.auto_enable_standards #=> String, one of "NONE", "DEFAULT"
|
4264
|
+
# resp.organization_configuration.configuration_type #=> String, one of "CENTRAL", "LOCAL"
|
4265
|
+
# resp.organization_configuration.status #=> String, one of "PENDING", "ENABLED", "FAILED"
|
4266
|
+
# resp.organization_configuration.status_message #=> String
|
3772
4267
|
#
|
3773
4268
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfiguration AWS API Documentation
|
3774
4269
|
#
|
@@ -4492,6 +4987,188 @@ module Aws::SecurityHub
|
|
4492
4987
|
req.send_request(options)
|
4493
4988
|
end
|
4494
4989
|
|
4990
|
+
# Provides information about a configuration policy. Only the Security
|
4991
|
+
# Hub delegated administrator can invoke this operation from the home
|
4992
|
+
# Region.
|
4993
|
+
#
|
4994
|
+
# @option params [required, String] :identifier
|
4995
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
4996
|
+
# of the configuration policy.
|
4997
|
+
#
|
4998
|
+
# @return [Types::GetConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
4999
|
+
#
|
5000
|
+
# * {Types::GetConfigurationPolicyResponse#arn #arn} => String
|
5001
|
+
# * {Types::GetConfigurationPolicyResponse#id #id} => String
|
5002
|
+
# * {Types::GetConfigurationPolicyResponse#name #name} => String
|
5003
|
+
# * {Types::GetConfigurationPolicyResponse#description #description} => String
|
5004
|
+
# * {Types::GetConfigurationPolicyResponse#updated_at #updated_at} => Time
|
5005
|
+
# * {Types::GetConfigurationPolicyResponse#created_at #created_at} => Time
|
5006
|
+
# * {Types::GetConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
|
5007
|
+
#
|
5008
|
+
#
|
5009
|
+
# @example Example: To get details about a configuration policy
|
5010
|
+
#
|
5011
|
+
# # This operation provides details about the specified configuration policy.
|
5012
|
+
#
|
5013
|
+
# resp = client.get_configuration_policy({
|
5014
|
+
# identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
5015
|
+
# })
|
5016
|
+
#
|
5017
|
+
# resp.to_h outputs the following:
|
5018
|
+
# {
|
5019
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
5020
|
+
# configuration_policy: {
|
5021
|
+
# security_hub: {
|
5022
|
+
# enabled_standard_identifiers: [
|
5023
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
5024
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
5025
|
+
# ],
|
5026
|
+
# security_controls_configuration: {
|
5027
|
+
# disabled_security_control_identifiers: [
|
5028
|
+
# "CloudWatch.1",
|
5029
|
+
# ],
|
5030
|
+
# security_control_custom_parameters: [
|
5031
|
+
# {
|
5032
|
+
# parameters: {
|
5033
|
+
# "daysToExpiration" => {
|
5034
|
+
# value: {
|
5035
|
+
# integer: 14,
|
5036
|
+
# },
|
5037
|
+
# value_type: "CUSTOM",
|
5038
|
+
# },
|
5039
|
+
# },
|
5040
|
+
# security_control_id: "ACM.1",
|
5041
|
+
# },
|
5042
|
+
# ],
|
5043
|
+
# },
|
5044
|
+
# service_enabled: true,
|
5045
|
+
# },
|
5046
|
+
# },
|
5047
|
+
# created_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
5048
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
5049
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
5050
|
+
# name: "TestConfigurationPolicy",
|
5051
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
5052
|
+
# }
|
5053
|
+
#
|
5054
|
+
# @example Request syntax with placeholder values
|
5055
|
+
#
|
5056
|
+
# resp = client.get_configuration_policy({
|
5057
|
+
# identifier: "NonEmptyString", # required
|
5058
|
+
# })
|
5059
|
+
#
|
5060
|
+
# @example Response structure
|
5061
|
+
#
|
5062
|
+
# resp.arn #=> String
|
5063
|
+
# resp.id #=> String
|
5064
|
+
# resp.name #=> String
|
5065
|
+
# resp.description #=> String
|
5066
|
+
# resp.updated_at #=> Time
|
5067
|
+
# resp.created_at #=> Time
|
5068
|
+
# resp.configuration_policy.security_hub.service_enabled #=> Boolean
|
5069
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
|
5070
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
|
5071
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
|
5072
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
|
5073
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
|
5074
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
|
5075
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
|
5076
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
|
5077
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
|
5078
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
|
5079
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
|
5080
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
|
5081
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
|
5082
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
|
5083
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
|
5084
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
|
5085
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
|
5086
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
|
5087
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
|
5088
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
|
5089
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
|
5090
|
+
#
|
5091
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicy AWS API Documentation
|
5092
|
+
#
|
5093
|
+
# @overload get_configuration_policy(params = {})
|
5094
|
+
# @param [Hash] params ({})
|
5095
|
+
def get_configuration_policy(params = {}, options = {})
|
5096
|
+
req = build_request(:get_configuration_policy, params)
|
5097
|
+
req.send_request(options)
|
5098
|
+
end
|
5099
|
+
|
5100
|
+
# Returns the association between a configuration and a target account,
|
5101
|
+
# organizational unit, or the root. The configuration can be a
|
5102
|
+
# configuration policy or self-managed behavior. Only the Security Hub
|
5103
|
+
# delegated administrator can invoke this operation from the home
|
5104
|
+
# Region.
|
5105
|
+
#
|
5106
|
+
# @option params [required, Types::Target] :target
|
5107
|
+
# The target account ID, organizational unit ID, or the root ID to
|
5108
|
+
# retrieve the association for.
|
5109
|
+
#
|
5110
|
+
# @return [Types::GetConfigurationPolicyAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
5111
|
+
#
|
5112
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#configuration_policy_id #configuration_policy_id} => String
|
5113
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#target_id #target_id} => String
|
5114
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#target_type #target_type} => String
|
5115
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#association_type #association_type} => String
|
5116
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#updated_at #updated_at} => Time
|
5117
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#association_status #association_status} => String
|
5118
|
+
# * {Types::GetConfigurationPolicyAssociationResponse#association_status_message #association_status_message} => String
|
5119
|
+
#
|
5120
|
+
#
|
5121
|
+
# @example Example: To get details about a configuration association
|
5122
|
+
#
|
5123
|
+
# # This operation provides details about configuration associations for a specific target account, organizational unit, or
|
5124
|
+
# # the root.
|
5125
|
+
#
|
5126
|
+
# resp = client.get_configuration_policy_association({
|
5127
|
+
# target: {
|
5128
|
+
# account_id: "111122223333",
|
5129
|
+
# },
|
5130
|
+
# })
|
5131
|
+
#
|
5132
|
+
# resp.to_h outputs the following:
|
5133
|
+
# {
|
5134
|
+
# association_status: "FAILED",
|
5135
|
+
# association_status_message: "Configuration Policy a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 couldn\u2019t be applied to account 111122223333 in us-east-1 Region. Retry your request.",
|
5136
|
+
# association_type: "INHERITED",
|
5137
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
5138
|
+
# target_id: "111122223333",
|
5139
|
+
# target_type: "ACCOUNT",
|
5140
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
5141
|
+
# }
|
5142
|
+
#
|
5143
|
+
# @example Request syntax with placeholder values
|
5144
|
+
#
|
5145
|
+
# resp = client.get_configuration_policy_association({
|
5146
|
+
# target: { # required
|
5147
|
+
# account_id: "NonEmptyString",
|
5148
|
+
# organizational_unit_id: "NonEmptyString",
|
5149
|
+
# root_id: "NonEmptyString",
|
5150
|
+
# },
|
5151
|
+
# })
|
5152
|
+
#
|
5153
|
+
# @example Response structure
|
5154
|
+
#
|
5155
|
+
# resp.configuration_policy_id #=> String
|
5156
|
+
# resp.target_id #=> String
|
5157
|
+
# resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
5158
|
+
# resp.association_type #=> String, one of "INHERITED", "APPLIED"
|
5159
|
+
# resp.updated_at #=> Time
|
5160
|
+
# resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
5161
|
+
# resp.association_status_message #=> String
|
5162
|
+
#
|
5163
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetConfigurationPolicyAssociation AWS API Documentation
|
5164
|
+
#
|
5165
|
+
# @overload get_configuration_policy_association(params = {})
|
5166
|
+
# @param [Hash] params ({})
|
5167
|
+
def get_configuration_policy_association(params = {}, options = {})
|
5168
|
+
req = build_request(:get_configuration_policy_association, params)
|
5169
|
+
req.send_request(options)
|
5170
|
+
end
|
5171
|
+
|
4495
5172
|
# Returns a list of the standards that are currently enabled.
|
4496
5173
|
#
|
4497
5174
|
# @option params [Array<String>] :standards_subscription_arns
|
@@ -5009,6 +5686,8 @@ module Aws::SecurityHub
|
|
5009
5686
|
# gte: 1.0,
|
5010
5687
|
# lte: 1.0,
|
5011
5688
|
# eq: 1.0,
|
5689
|
+
# gt: 1.0,
|
5690
|
+
# lt: 1.0,
|
5012
5691
|
# },
|
5013
5692
|
# ],
|
5014
5693
|
# severity_normalized: [
|
@@ -5016,6 +5695,8 @@ module Aws::SecurityHub
|
|
5016
5695
|
# gte: 1.0,
|
5017
5696
|
# lte: 1.0,
|
5018
5697
|
# eq: 1.0,
|
5698
|
+
# gt: 1.0,
|
5699
|
+
# lt: 1.0,
|
5019
5700
|
# },
|
5020
5701
|
# ],
|
5021
5702
|
# severity_label: [
|
@@ -5029,6 +5710,8 @@ module Aws::SecurityHub
|
|
5029
5710
|
# gte: 1.0,
|
5030
5711
|
# lte: 1.0,
|
5031
5712
|
# eq: 1.0,
|
5713
|
+
# gt: 1.0,
|
5714
|
+
# lt: 1.0,
|
5032
5715
|
# },
|
5033
5716
|
# ],
|
5034
5717
|
# criticality: [
|
@@ -5036,6 +5719,8 @@ module Aws::SecurityHub
|
|
5036
5719
|
# gte: 1.0,
|
5037
5720
|
# lte: 1.0,
|
5038
5721
|
# eq: 1.0,
|
5722
|
+
# gt: 1.0,
|
5723
|
+
# lt: 1.0,
|
5039
5724
|
# },
|
5040
5725
|
# ],
|
5041
5726
|
# title: [
|
@@ -5139,6 +5824,8 @@ module Aws::SecurityHub
|
|
5139
5824
|
# gte: 1.0,
|
5140
5825
|
# lte: 1.0,
|
5141
5826
|
# eq: 1.0,
|
5827
|
+
# gt: 1.0,
|
5828
|
+
# lt: 1.0,
|
5142
5829
|
# },
|
5143
5830
|
# ],
|
5144
5831
|
# network_source_domain: [
|
@@ -5168,6 +5855,8 @@ module Aws::SecurityHub
|
|
5168
5855
|
# gte: 1.0,
|
5169
5856
|
# lte: 1.0,
|
5170
5857
|
# eq: 1.0,
|
5858
|
+
# gt: 1.0,
|
5859
|
+
# lt: 1.0,
|
5171
5860
|
# },
|
5172
5861
|
# ],
|
5173
5862
|
# network_destination_domain: [
|
@@ -5193,6 +5882,8 @@ module Aws::SecurityHub
|
|
5193
5882
|
# gte: 1.0,
|
5194
5883
|
# lte: 1.0,
|
5195
5884
|
# eq: 1.0,
|
5885
|
+
# gt: 1.0,
|
5886
|
+
# lt: 1.0,
|
5196
5887
|
# },
|
5197
5888
|
# ],
|
5198
5889
|
# process_parent_pid: [
|
@@ -5200,6 +5891,8 @@ module Aws::SecurityHub
|
|
5200
5891
|
# gte: 1.0,
|
5201
5892
|
# lte: 1.0,
|
5202
5893
|
# eq: 1.0,
|
5894
|
+
# gt: 1.0,
|
5895
|
+
# lt: 1.0,
|
5203
5896
|
# },
|
5204
5897
|
# ],
|
5205
5898
|
# process_launched_at: [
|
@@ -5504,6 +6197,8 @@ module Aws::SecurityHub
|
|
5504
6197
|
# gte: 1.0,
|
5505
6198
|
# lte: 1.0,
|
5506
6199
|
# eq: 1.0,
|
6200
|
+
# gt: 1.0,
|
6201
|
+
# lt: 1.0,
|
5507
6202
|
# },
|
5508
6203
|
# ],
|
5509
6204
|
# finding_provider_fields_criticality: [
|
@@ -5511,6 +6206,8 @@ module Aws::SecurityHub
|
|
5511
6206
|
# gte: 1.0,
|
5512
6207
|
# lte: 1.0,
|
5513
6208
|
# eq: 1.0,
|
6209
|
+
# gt: 1.0,
|
6210
|
+
# lt: 1.0,
|
5514
6211
|
# },
|
5515
6212
|
# ],
|
5516
6213
|
# finding_provider_fields_related_findings_id: [
|
@@ -5560,7 +6257,49 @@ module Aws::SecurityHub
|
|
5560
6257
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
5561
6258
|
# },
|
5562
6259
|
# ],
|
5563
|
-
#
|
6260
|
+
# vulnerabilities_exploit_available: [
|
6261
|
+
# {
|
6262
|
+
# value: "NonEmptyString",
|
6263
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
6264
|
+
# },
|
6265
|
+
# ],
|
6266
|
+
# vulnerabilities_fix_available: [
|
6267
|
+
# {
|
6268
|
+
# value: "NonEmptyString",
|
6269
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
6270
|
+
# },
|
6271
|
+
# ],
|
6272
|
+
# compliance_security_control_parameters_name: [
|
6273
|
+
# {
|
6274
|
+
# value: "NonEmptyString",
|
6275
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
6276
|
+
# },
|
6277
|
+
# ],
|
6278
|
+
# compliance_security_control_parameters_value: [
|
6279
|
+
# {
|
6280
|
+
# value: "NonEmptyString",
|
6281
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
6282
|
+
# },
|
6283
|
+
# ],
|
6284
|
+
# aws_account_name: [
|
6285
|
+
# {
|
6286
|
+
# value: "NonEmptyString",
|
6287
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
6288
|
+
# },
|
6289
|
+
# ],
|
6290
|
+
# resource_application_name: [
|
6291
|
+
# {
|
6292
|
+
# value: "NonEmptyString",
|
6293
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
6294
|
+
# },
|
6295
|
+
# ],
|
6296
|
+
# resource_application_arn: [
|
6297
|
+
# {
|
6298
|
+
# value: "NonEmptyString",
|
6299
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
6300
|
+
# },
|
6301
|
+
# ],
|
6302
|
+
# },
|
5564
6303
|
# sort_criteria: [
|
5565
6304
|
# {
|
5566
6305
|
# field: "NonEmptyString",
|
@@ -5756,10 +6495,14 @@ module Aws::SecurityHub
|
|
5756
6495
|
# resp.insights[0].filters.severity_product[0].gte #=> Float
|
5757
6496
|
# resp.insights[0].filters.severity_product[0].lte #=> Float
|
5758
6497
|
# resp.insights[0].filters.severity_product[0].eq #=> Float
|
6498
|
+
# resp.insights[0].filters.severity_product[0].gt #=> Float
|
6499
|
+
# resp.insights[0].filters.severity_product[0].lt #=> Float
|
5759
6500
|
# resp.insights[0].filters.severity_normalized #=> Array
|
5760
6501
|
# resp.insights[0].filters.severity_normalized[0].gte #=> Float
|
5761
6502
|
# resp.insights[0].filters.severity_normalized[0].lte #=> Float
|
5762
6503
|
# resp.insights[0].filters.severity_normalized[0].eq #=> Float
|
6504
|
+
# resp.insights[0].filters.severity_normalized[0].gt #=> Float
|
6505
|
+
# resp.insights[0].filters.severity_normalized[0].lt #=> Float
|
5763
6506
|
# resp.insights[0].filters.severity_label #=> Array
|
5764
6507
|
# resp.insights[0].filters.severity_label[0].value #=> String
|
5765
6508
|
# resp.insights[0].filters.severity_label[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
@@ -5767,10 +6510,14 @@ module Aws::SecurityHub
|
|
5767
6510
|
# resp.insights[0].filters.confidence[0].gte #=> Float
|
5768
6511
|
# resp.insights[0].filters.confidence[0].lte #=> Float
|
5769
6512
|
# resp.insights[0].filters.confidence[0].eq #=> Float
|
6513
|
+
# resp.insights[0].filters.confidence[0].gt #=> Float
|
6514
|
+
# resp.insights[0].filters.confidence[0].lt #=> Float
|
5770
6515
|
# resp.insights[0].filters.criticality #=> Array
|
5771
6516
|
# resp.insights[0].filters.criticality[0].gte #=> Float
|
5772
6517
|
# resp.insights[0].filters.criticality[0].lte #=> Float
|
5773
6518
|
# resp.insights[0].filters.criticality[0].eq #=> Float
|
6519
|
+
# resp.insights[0].filters.criticality[0].gt #=> Float
|
6520
|
+
# resp.insights[0].filters.criticality[0].lt #=> Float
|
5774
6521
|
# resp.insights[0].filters.title #=> Array
|
5775
6522
|
# resp.insights[0].filters.title[0].value #=> String
|
5776
6523
|
# resp.insights[0].filters.title[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
@@ -5823,6 +6570,8 @@ module Aws::SecurityHub
|
|
5823
6570
|
# resp.insights[0].filters.network_source_port[0].gte #=> Float
|
5824
6571
|
# resp.insights[0].filters.network_source_port[0].lte #=> Float
|
5825
6572
|
# resp.insights[0].filters.network_source_port[0].eq #=> Float
|
6573
|
+
# resp.insights[0].filters.network_source_port[0].gt #=> Float
|
6574
|
+
# resp.insights[0].filters.network_source_port[0].lt #=> Float
|
5826
6575
|
# resp.insights[0].filters.network_source_domain #=> Array
|
5827
6576
|
# resp.insights[0].filters.network_source_domain[0].value #=> String
|
5828
6577
|
# resp.insights[0].filters.network_source_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
@@ -5837,6 +6586,8 @@ module Aws::SecurityHub
|
|
5837
6586
|
# resp.insights[0].filters.network_destination_port[0].gte #=> Float
|
5838
6587
|
# resp.insights[0].filters.network_destination_port[0].lte #=> Float
|
5839
6588
|
# resp.insights[0].filters.network_destination_port[0].eq #=> Float
|
6589
|
+
# resp.insights[0].filters.network_destination_port[0].gt #=> Float
|
6590
|
+
# resp.insights[0].filters.network_destination_port[0].lt #=> Float
|
5840
6591
|
# resp.insights[0].filters.network_destination_domain #=> Array
|
5841
6592
|
# resp.insights[0].filters.network_destination_domain[0].value #=> String
|
5842
6593
|
# resp.insights[0].filters.network_destination_domain[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
@@ -5850,10 +6601,14 @@ module Aws::SecurityHub
|
|
5850
6601
|
# resp.insights[0].filters.process_pid[0].gte #=> Float
|
5851
6602
|
# resp.insights[0].filters.process_pid[0].lte #=> Float
|
5852
6603
|
# resp.insights[0].filters.process_pid[0].eq #=> Float
|
6604
|
+
# resp.insights[0].filters.process_pid[0].gt #=> Float
|
6605
|
+
# resp.insights[0].filters.process_pid[0].lt #=> Float
|
5853
6606
|
# resp.insights[0].filters.process_parent_pid #=> Array
|
5854
6607
|
# resp.insights[0].filters.process_parent_pid[0].gte #=> Float
|
5855
6608
|
# resp.insights[0].filters.process_parent_pid[0].lte #=> Float
|
5856
6609
|
# resp.insights[0].filters.process_parent_pid[0].eq #=> Float
|
6610
|
+
# resp.insights[0].filters.process_parent_pid[0].gt #=> Float
|
6611
|
+
# resp.insights[0].filters.process_parent_pid[0].lt #=> Float
|
5857
6612
|
# resp.insights[0].filters.process_launched_at #=> Array
|
5858
6613
|
# resp.insights[0].filters.process_launched_at[0].start #=> String
|
5859
6614
|
# resp.insights[0].filters.process_launched_at[0].end #=> String
|
@@ -6006,10 +6761,14 @@ module Aws::SecurityHub
|
|
6006
6761
|
# resp.insights[0].filters.finding_provider_fields_confidence[0].gte #=> Float
|
6007
6762
|
# resp.insights[0].filters.finding_provider_fields_confidence[0].lte #=> Float
|
6008
6763
|
# resp.insights[0].filters.finding_provider_fields_confidence[0].eq #=> Float
|
6764
|
+
# resp.insights[0].filters.finding_provider_fields_confidence[0].gt #=> Float
|
6765
|
+
# resp.insights[0].filters.finding_provider_fields_confidence[0].lt #=> Float
|
6009
6766
|
# resp.insights[0].filters.finding_provider_fields_criticality #=> Array
|
6010
6767
|
# resp.insights[0].filters.finding_provider_fields_criticality[0].gte #=> Float
|
6011
6768
|
# resp.insights[0].filters.finding_provider_fields_criticality[0].lte #=> Float
|
6012
6769
|
# resp.insights[0].filters.finding_provider_fields_criticality[0].eq #=> Float
|
6770
|
+
# resp.insights[0].filters.finding_provider_fields_criticality[0].gt #=> Float
|
6771
|
+
# resp.insights[0].filters.finding_provider_fields_criticality[0].lt #=> Float
|
6013
6772
|
# resp.insights[0].filters.finding_provider_fields_related_findings_id #=> Array
|
6014
6773
|
# resp.insights[0].filters.finding_provider_fields_related_findings_id[0].value #=> String
|
6015
6774
|
# resp.insights[0].filters.finding_provider_fields_related_findings_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
@@ -6033,6 +6792,27 @@ module Aws::SecurityHub
|
|
6033
6792
|
# resp.insights[0].filters.compliance_associated_standards_id #=> Array
|
6034
6793
|
# resp.insights[0].filters.compliance_associated_standards_id[0].value #=> String
|
6035
6794
|
# resp.insights[0].filters.compliance_associated_standards_id[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6795
|
+
# resp.insights[0].filters.vulnerabilities_exploit_available #=> Array
|
6796
|
+
# resp.insights[0].filters.vulnerabilities_exploit_available[0].value #=> String
|
6797
|
+
# resp.insights[0].filters.vulnerabilities_exploit_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6798
|
+
# resp.insights[0].filters.vulnerabilities_fix_available #=> Array
|
6799
|
+
# resp.insights[0].filters.vulnerabilities_fix_available[0].value #=> String
|
6800
|
+
# resp.insights[0].filters.vulnerabilities_fix_available[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6801
|
+
# resp.insights[0].filters.compliance_security_control_parameters_name #=> Array
|
6802
|
+
# resp.insights[0].filters.compliance_security_control_parameters_name[0].value #=> String
|
6803
|
+
# resp.insights[0].filters.compliance_security_control_parameters_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6804
|
+
# resp.insights[0].filters.compliance_security_control_parameters_value #=> Array
|
6805
|
+
# resp.insights[0].filters.compliance_security_control_parameters_value[0].value #=> String
|
6806
|
+
# resp.insights[0].filters.compliance_security_control_parameters_value[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6807
|
+
# resp.insights[0].filters.aws_account_name #=> Array
|
6808
|
+
# resp.insights[0].filters.aws_account_name[0].value #=> String
|
6809
|
+
# resp.insights[0].filters.aws_account_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6810
|
+
# resp.insights[0].filters.resource_application_name #=> Array
|
6811
|
+
# resp.insights[0].filters.resource_application_name[0].value #=> String
|
6812
|
+
# resp.insights[0].filters.resource_application_name[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6813
|
+
# resp.insights[0].filters.resource_application_arn #=> Array
|
6814
|
+
# resp.insights[0].filters.resource_application_arn[0].value #=> String
|
6815
|
+
# resp.insights[0].filters.resource_application_arn[0].comparison #=> String, one of "EQUALS", "PREFIX", "NOT_EQUALS", "PREFIX_NOT_EQUALS", "CONTAINS", "NOT_CONTAINS"
|
6036
6816
|
# resp.insights[0].group_by_attribute #=> String
|
6037
6817
|
# resp.next_token #=> String
|
6038
6818
|
#
|
@@ -6201,6 +6981,107 @@ module Aws::SecurityHub
|
|
6201
6981
|
req.send_request(options)
|
6202
6982
|
end
|
6203
6983
|
|
6984
|
+
# Retrieves the definition of a security control. The definition
|
6985
|
+
# includes the control title, description, Region availability,
|
6986
|
+
# parameter definitions, and other details.
|
6987
|
+
#
|
6988
|
+
# @option params [required, String] :security_control_id
|
6989
|
+
# The ID of the security control to retrieve the definition for. This
|
6990
|
+
# field doesn’t accept an Amazon Resource Name (ARN).
|
6991
|
+
#
|
6992
|
+
# @return [Types::GetSecurityControlDefinitionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
6993
|
+
#
|
6994
|
+
# * {Types::GetSecurityControlDefinitionResponse#security_control_definition #security_control_definition} => Types::SecurityControlDefinition
|
6995
|
+
#
|
6996
|
+
#
|
6997
|
+
# @example Example: To get the definition of a security control.
|
6998
|
+
#
|
6999
|
+
# # The following example retrieves definition details for the specified security control.
|
7000
|
+
#
|
7001
|
+
# resp = client.get_security_control_definition({
|
7002
|
+
# security_control_id: "EC2.4",
|
7003
|
+
# })
|
7004
|
+
#
|
7005
|
+
# resp.to_h outputs the following:
|
7006
|
+
# {
|
7007
|
+
# security_control_definition: {
|
7008
|
+
# current_region_availability: "AVAILABLE",
|
7009
|
+
# description: "This control checks whether an Amazon EC2 instance has been stopped for longer than the allowed number of days. The control fails if an EC2 instance is stopped for longer than the maximum allowed time period. Unless you provide a custom parameter value for the maximum allowed time period, Security Hub uses a default value of 30 days.",
|
7010
|
+
# parameter_definitions: {
|
7011
|
+
# "AllowedDays" => {
|
7012
|
+
# configuration_options: {
|
7013
|
+
# integer: {
|
7014
|
+
# default_value: 30,
|
7015
|
+
# max: 365,
|
7016
|
+
# min: 1,
|
7017
|
+
# },
|
7018
|
+
# },
|
7019
|
+
# description: "Number of days the EC2 instance is allowed to be in a stopped state before generating a failed finding",
|
7020
|
+
# },
|
7021
|
+
# },
|
7022
|
+
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/EC2.4/remediation",
|
7023
|
+
# security_control_id: "EC2.4",
|
7024
|
+
# severity_rating: "MEDIUM",
|
7025
|
+
# title: "Stopped Amazon EC2 instances should be removed after a specified time period",
|
7026
|
+
# },
|
7027
|
+
# }
|
7028
|
+
#
|
7029
|
+
# @example Request syntax with placeholder values
|
7030
|
+
#
|
7031
|
+
# resp = client.get_security_control_definition({
|
7032
|
+
# security_control_id: "NonEmptyString", # required
|
7033
|
+
# })
|
7034
|
+
#
|
7035
|
+
# @example Response structure
|
7036
|
+
#
|
7037
|
+
# resp.security_control_definition.security_control_id #=> String
|
7038
|
+
# resp.security_control_definition.title #=> String
|
7039
|
+
# resp.security_control_definition.description #=> String
|
7040
|
+
# resp.security_control_definition.remediation_url #=> String
|
7041
|
+
# resp.security_control_definition.severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
7042
|
+
# resp.security_control_definition.current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
|
7043
|
+
# resp.security_control_definition.customizable_properties #=> Array
|
7044
|
+
# resp.security_control_definition.customizable_properties[0] #=> String, one of "Parameters"
|
7045
|
+
# resp.security_control_definition.parameter_definitions #=> Hash
|
7046
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].description #=> String
|
7047
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
|
7048
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
|
7049
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
|
7050
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
|
7051
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
|
7052
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
|
7053
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
|
7054
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
|
7055
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
|
7056
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
|
7057
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
|
7058
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
|
7059
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
|
7060
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
|
7061
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
|
7062
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
|
7063
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
|
7064
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
|
7065
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
|
7066
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
|
7067
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
|
7068
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
|
7069
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
|
7070
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
|
7071
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
|
7072
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
|
7073
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
|
7074
|
+
# resp.security_control_definition.parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String
|
7075
|
+
#
|
7076
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetSecurityControlDefinition AWS API Documentation
|
7077
|
+
#
|
7078
|
+
# @overload get_security_control_definition(params = {})
|
7079
|
+
# @param [Hash] params ({})
|
7080
|
+
def get_security_control_definition(params = {}, options = {})
|
7081
|
+
req = build_request(:get_security_control_definition, params)
|
7082
|
+
req.send_request(options)
|
7083
|
+
end
|
7084
|
+
|
6204
7085
|
# Invites other Amazon Web Services accounts to become member accounts
|
6205
7086
|
# for the Security Hub administrator account that the invitation is sent
|
6206
7087
|
# from.
|
@@ -6349,6 +7230,185 @@ module Aws::SecurityHub
|
|
6349
7230
|
req.send_request(options)
|
6350
7231
|
end
|
6351
7232
|
|
7233
|
+
# Lists the configuration policies that the Security Hub delegated
|
7234
|
+
# administrator has created for your organization. Only the delegated
|
7235
|
+
# administrator can invoke this operation from the home Region.
|
7236
|
+
#
|
7237
|
+
# @option params [String] :next_token
|
7238
|
+
# The NextToken value that's returned from a previous paginated
|
7239
|
+
# `ListConfigurationPolicies` request where `MaxResults` was used but
|
7240
|
+
# the results exceeded the value of that parameter. Pagination continues
|
7241
|
+
# from the `MaxResults` was used but the results exceeded the value of
|
7242
|
+
# that parameter. Pagination continues from the end of the previous
|
7243
|
+
# response that returned the `NextToken` value. This value is `null`
|
7244
|
+
# when there are no more results to return.
|
7245
|
+
#
|
7246
|
+
# @option params [Integer] :max_results
|
7247
|
+
# The maximum number of results that's returned by
|
7248
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
7249
|
+
# parameter is used, `ListConfigurationPolicies` returns the specified
|
7250
|
+
# number of results in a single page and a `NextToken` response element.
|
7251
|
+
# You can see the remaining results of the initial request by sending
|
7252
|
+
# another `ListConfigurationPolicies` request with the returned
|
7253
|
+
# `NextToken` value. A valid range for `MaxResults` is between 1 and
|
7254
|
+
# 100.
|
7255
|
+
#
|
7256
|
+
# @return [Types::ListConfigurationPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7257
|
+
#
|
7258
|
+
# * {Types::ListConfigurationPoliciesResponse#configuration_policy_summaries #configuration_policy_summaries} => Array<Types::ConfigurationPolicySummary>
|
7259
|
+
# * {Types::ListConfigurationPoliciesResponse#next_token #next_token} => String
|
7260
|
+
#
|
7261
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
7262
|
+
#
|
7263
|
+
#
|
7264
|
+
# @example Example: To view a list of configuration policies
|
7265
|
+
#
|
7266
|
+
# # This operation provides a list of your configuration policies, including metadata for each policy.
|
7267
|
+
#
|
7268
|
+
# resp = client.list_configuration_policies({
|
7269
|
+
# max_results: 1,
|
7270
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf",
|
7271
|
+
# })
|
7272
|
+
#
|
7273
|
+
# resp.to_h outputs the following:
|
7274
|
+
# {
|
7275
|
+
# configuration_policy_summaries: [
|
7276
|
+
# {
|
7277
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
7278
|
+
# description: "Configuration policy for testing FSBP and CIS",
|
7279
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
7280
|
+
# name: "TestConfigurationPolicy",
|
7281
|
+
# service_enabled: true,
|
7282
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
7283
|
+
# },
|
7284
|
+
# ],
|
7285
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef",
|
7286
|
+
# }
|
7287
|
+
#
|
7288
|
+
# @example Request syntax with placeholder values
|
7289
|
+
#
|
7290
|
+
# resp = client.list_configuration_policies({
|
7291
|
+
# next_token: "NextToken",
|
7292
|
+
# max_results: 1,
|
7293
|
+
# })
|
7294
|
+
#
|
7295
|
+
# @example Response structure
|
7296
|
+
#
|
7297
|
+
# resp.configuration_policy_summaries #=> Array
|
7298
|
+
# resp.configuration_policy_summaries[0].arn #=> String
|
7299
|
+
# resp.configuration_policy_summaries[0].id #=> String
|
7300
|
+
# resp.configuration_policy_summaries[0].name #=> String
|
7301
|
+
# resp.configuration_policy_summaries[0].description #=> String
|
7302
|
+
# resp.configuration_policy_summaries[0].updated_at #=> Time
|
7303
|
+
# resp.configuration_policy_summaries[0].service_enabled #=> Boolean
|
7304
|
+
# resp.next_token #=> String
|
7305
|
+
#
|
7306
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicies AWS API Documentation
|
7307
|
+
#
|
7308
|
+
# @overload list_configuration_policies(params = {})
|
7309
|
+
# @param [Hash] params ({})
|
7310
|
+
def list_configuration_policies(params = {}, options = {})
|
7311
|
+
req = build_request(:list_configuration_policies, params)
|
7312
|
+
req.send_request(options)
|
7313
|
+
end
|
7314
|
+
|
7315
|
+
# Provides information about the associations for your configuration
|
7316
|
+
# policies and self-managed behavior. Only the Security Hub delegated
|
7317
|
+
# administrator can invoke this operation from the home Region.
|
7318
|
+
#
|
7319
|
+
# @option params [String] :next_token
|
7320
|
+
# The `NextToken` value that's returned from a previous paginated
|
7321
|
+
# `ListConfigurationPolicyAssociations` request where `MaxResults` was
|
7322
|
+
# used but the results exceeded the value of that parameter. Pagination
|
7323
|
+
# continues from the end of the previous response that returned the
|
7324
|
+
# `NextToken` value. This value is `null` when there are no more results
|
7325
|
+
# to return.
|
7326
|
+
#
|
7327
|
+
# @option params [Integer] :max_results
|
7328
|
+
# The maximum number of results that's returned by
|
7329
|
+
# `ListConfigurationPolicies` in each page of the response. When this
|
7330
|
+
# parameter is used, `ListConfigurationPolicyAssociations` returns the
|
7331
|
+
# specified number of results in a single page and a `NextToken`
|
7332
|
+
# response element. You can see the remaining results of the initial
|
7333
|
+
# request by sending another `ListConfigurationPolicyAssociations`
|
7334
|
+
# request with the returned `NextToken` value. A valid range for
|
7335
|
+
# `MaxResults` is between 1 and 100.
|
7336
|
+
#
|
7337
|
+
# @option params [Types::AssociationFilters] :filters
|
7338
|
+
# Options for filtering the `ListConfigurationPolicyAssociations`
|
7339
|
+
# response. You can filter by the Amazon Resource Name (ARN) or
|
7340
|
+
# universally unique identifier (UUID) of a configuration,
|
7341
|
+
# `AssociationType`, or `AssociationStatus`.
|
7342
|
+
#
|
7343
|
+
# @return [Types::ListConfigurationPolicyAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
7344
|
+
#
|
7345
|
+
# * {Types::ListConfigurationPolicyAssociationsResponse#configuration_policy_association_summaries #configuration_policy_association_summaries} => Array<Types::ConfigurationPolicyAssociationSummary>
|
7346
|
+
# * {Types::ListConfigurationPolicyAssociationsResponse#next_token #next_token} => String
|
7347
|
+
#
|
7348
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
7349
|
+
#
|
7350
|
+
#
|
7351
|
+
# @example Example: To list configuration associations
|
7352
|
+
#
|
7353
|
+
# # This operation lists all of the associations between targets and configuration policies or self-managed behavior.
|
7354
|
+
# # Targets can include accounts, organizational units, or the root.
|
7355
|
+
#
|
7356
|
+
# resp = client.list_configuration_policy_associations({
|
7357
|
+
# filters: {
|
7358
|
+
# association_type: "APPLIED",
|
7359
|
+
# },
|
7360
|
+
# max_results: 1,
|
7361
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf",
|
7362
|
+
# })
|
7363
|
+
#
|
7364
|
+
# resp.to_h outputs the following:
|
7365
|
+
# {
|
7366
|
+
# configuration_policy_association_summaries: [
|
7367
|
+
# {
|
7368
|
+
# association_status: "PENDING",
|
7369
|
+
# association_type: "APPLIED",
|
7370
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
7371
|
+
# target_id: "123456789012",
|
7372
|
+
# target_type: "ACCOUNT",
|
7373
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
7374
|
+
# },
|
7375
|
+
# ],
|
7376
|
+
# next_token: "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef",
|
7377
|
+
# }
|
7378
|
+
#
|
7379
|
+
# @example Request syntax with placeholder values
|
7380
|
+
#
|
7381
|
+
# resp = client.list_configuration_policy_associations({
|
7382
|
+
# next_token: "NextToken",
|
7383
|
+
# max_results: 1,
|
7384
|
+
# filters: {
|
7385
|
+
# configuration_policy_id: "NonEmptyString",
|
7386
|
+
# association_type: "INHERITED", # accepts INHERITED, APPLIED
|
7387
|
+
# association_status: "PENDING", # accepts PENDING, SUCCESS, FAILED
|
7388
|
+
# },
|
7389
|
+
# })
|
7390
|
+
#
|
7391
|
+
# @example Response structure
|
7392
|
+
#
|
7393
|
+
# resp.configuration_policy_association_summaries #=> Array
|
7394
|
+
# resp.configuration_policy_association_summaries[0].configuration_policy_id #=> String
|
7395
|
+
# resp.configuration_policy_association_summaries[0].target_id #=> String
|
7396
|
+
# resp.configuration_policy_association_summaries[0].target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
7397
|
+
# resp.configuration_policy_association_summaries[0].association_type #=> String, one of "INHERITED", "APPLIED"
|
7398
|
+
# resp.configuration_policy_association_summaries[0].updated_at #=> Time
|
7399
|
+
# resp.configuration_policy_association_summaries[0].association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
7400
|
+
# resp.configuration_policy_association_summaries[0].association_status_message #=> String
|
7401
|
+
# resp.next_token #=> String
|
7402
|
+
#
|
7403
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListConfigurationPolicyAssociations AWS API Documentation
|
7404
|
+
#
|
7405
|
+
# @overload list_configuration_policy_associations(params = {})
|
7406
|
+
# @param [Hash] params ({})
|
7407
|
+
def list_configuration_policy_associations(params = {}, options = {})
|
7408
|
+
req = build_request(:list_configuration_policy_associations, params)
|
7409
|
+
req.send_request(options)
|
7410
|
+
end
|
7411
|
+
|
6352
7412
|
# Lists all findings-generating solutions (products) that you are
|
6353
7413
|
# subscribed to receive findings from in Security Hub.
|
6354
7414
|
#
|
@@ -6742,6 +7802,9 @@ module Aws::SecurityHub
|
|
6742
7802
|
# security_control_definitions: [
|
6743
7803
|
# {
|
6744
7804
|
# current_region_availability: "AVAILABLE",
|
7805
|
+
# customizable_properties: [
|
7806
|
+
# "Parameters",
|
7807
|
+
# ],
|
6745
7808
|
# description: "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
|
6746
7809
|
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
|
6747
7810
|
# security_control_id: "ACM.1",
|
@@ -6750,6 +7813,9 @@ module Aws::SecurityHub
|
|
6750
7813
|
# },
|
6751
7814
|
# {
|
6752
7815
|
# current_region_availability: "AVAILABLE",
|
7816
|
+
# customizable_properties: [
|
7817
|
+
# "Parameters",
|
7818
|
+
# ],
|
6753
7819
|
# description: "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
|
6754
7820
|
# remediation_url: "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
|
6755
7821
|
# security_control_id: "APIGateway.1",
|
@@ -6784,6 +7850,38 @@ module Aws::SecurityHub
|
|
6784
7850
|
# resp.security_control_definitions[0].remediation_url #=> String
|
6785
7851
|
# resp.security_control_definitions[0].severity_rating #=> String, one of "LOW", "MEDIUM", "HIGH", "CRITICAL"
|
6786
7852
|
# resp.security_control_definitions[0].current_region_availability #=> String, one of "AVAILABLE", "UNAVAILABLE"
|
7853
|
+
# resp.security_control_definitions[0].customizable_properties #=> Array
|
7854
|
+
# resp.security_control_definitions[0].customizable_properties[0] #=> String, one of "Parameters"
|
7855
|
+
# resp.security_control_definitions[0].parameter_definitions #=> Hash
|
7856
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].description #=> String
|
7857
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.default_value #=> Integer
|
7858
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.min #=> Integer
|
7859
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer.max #=> Integer
|
7860
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value #=> Array
|
7861
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.default_value[0] #=> Integer
|
7862
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.min #=> Integer
|
7863
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max #=> Integer
|
7864
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.integer_list.max_items #=> Integer
|
7865
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.default_value #=> Float
|
7866
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.min #=> Float
|
7867
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.double.max #=> Float
|
7868
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.default_value #=> String
|
7869
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.re_2_expression #=> String
|
7870
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string.expression_description #=> String
|
7871
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value #=> Array
|
7872
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.default_value[0] #=> String
|
7873
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.re_2_expression #=> String
|
7874
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.max_items #=> Integer
|
7875
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.string_list.expression_description #=> String
|
7876
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.boolean.default_value #=> Boolean
|
7877
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.default_value #=> String
|
7878
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values #=> Array
|
7879
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum.allowed_values[0] #=> String
|
7880
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value #=> Array
|
7881
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.default_value[0] #=> String
|
7882
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.max_items #=> Integer
|
7883
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values #=> Array
|
7884
|
+
# resp.security_control_definitions[0].parameter_definitions["NonEmptyString"].configuration_options.enum_list.allowed_values[0] #=> String
|
6787
7885
|
# resp.next_token #=> String
|
6788
7886
|
#
|
6789
7887
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions AWS API Documentation
|
@@ -6945,6 +8043,136 @@ module Aws::SecurityHub
|
|
6945
8043
|
req.send_request(options)
|
6946
8044
|
end
|
6947
8045
|
|
8046
|
+
# Associates a target account, organizational unit, or the root with a
|
8047
|
+
# specified configuration. The target can be associated with a
|
8048
|
+
# configuration policy or self-managed behavior. Only the Security Hub
|
8049
|
+
# delegated administrator can invoke this operation from the home
|
8050
|
+
# Region.
|
8051
|
+
#
|
8052
|
+
# @option params [required, String] :configuration_policy_identifier
|
8053
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
8054
|
+
# of the configuration policy.
|
8055
|
+
#
|
8056
|
+
# @option params [required, Types::Target] :target
|
8057
|
+
# The identifier of the target account, organizational unit, or the root
|
8058
|
+
# to associate with the specified configuration.
|
8059
|
+
#
|
8060
|
+
# @return [Types::StartConfigurationPolicyAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8061
|
+
#
|
8062
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#configuration_policy_id #configuration_policy_id} => String
|
8063
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#target_id #target_id} => String
|
8064
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#target_type #target_type} => String
|
8065
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#association_type #association_type} => String
|
8066
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#updated_at #updated_at} => Time
|
8067
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#association_status #association_status} => String
|
8068
|
+
# * {Types::StartConfigurationPolicyAssociationResponse#association_status_message #association_status_message} => String
|
8069
|
+
#
|
8070
|
+
#
|
8071
|
+
# @example Example: To associate a configuration with a target
|
8072
|
+
#
|
8073
|
+
# # This operation associates a configuration policy or self-managed behavior with the target account, organizational unit,
|
8074
|
+
# # or the root.
|
8075
|
+
#
|
8076
|
+
# resp = client.start_configuration_policy_association({
|
8077
|
+
# configuration_policy_identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
8078
|
+
# target: {
|
8079
|
+
# account_id: "111122223333",
|
8080
|
+
# },
|
8081
|
+
# })
|
8082
|
+
#
|
8083
|
+
# resp.to_h outputs the following:
|
8084
|
+
# {
|
8085
|
+
# association_status: "SUCCESS",
|
8086
|
+
# association_status_message: "This field is populated only if the association fails",
|
8087
|
+
# association_type: "APPLIED",
|
8088
|
+
# configuration_policy_id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
8089
|
+
# target_id: "111122223333",
|
8090
|
+
# target_type: "ACCOUNT",
|
8091
|
+
# updated_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
8092
|
+
# }
|
8093
|
+
#
|
8094
|
+
# @example Request syntax with placeholder values
|
8095
|
+
#
|
8096
|
+
# resp = client.start_configuration_policy_association({
|
8097
|
+
# configuration_policy_identifier: "NonEmptyString", # required
|
8098
|
+
# target: { # required
|
8099
|
+
# account_id: "NonEmptyString",
|
8100
|
+
# organizational_unit_id: "NonEmptyString",
|
8101
|
+
# root_id: "NonEmptyString",
|
8102
|
+
# },
|
8103
|
+
# })
|
8104
|
+
#
|
8105
|
+
# @example Response structure
|
8106
|
+
#
|
8107
|
+
# resp.configuration_policy_id #=> String
|
8108
|
+
# resp.target_id #=> String
|
8109
|
+
# resp.target_type #=> String, one of "ACCOUNT", "ORGANIZATIONAL_UNIT"
|
8110
|
+
# resp.association_type #=> String, one of "INHERITED", "APPLIED"
|
8111
|
+
# resp.updated_at #=> Time
|
8112
|
+
# resp.association_status #=> String, one of "PENDING", "SUCCESS", "FAILED"
|
8113
|
+
# resp.association_status_message #=> String
|
8114
|
+
#
|
8115
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyAssociation AWS API Documentation
|
8116
|
+
#
|
8117
|
+
# @overload start_configuration_policy_association(params = {})
|
8118
|
+
# @param [Hash] params ({})
|
8119
|
+
def start_configuration_policy_association(params = {}, options = {})
|
8120
|
+
req = build_request(:start_configuration_policy_association, params)
|
8121
|
+
req.send_request(options)
|
8122
|
+
end
|
8123
|
+
|
8124
|
+
# Disassociates a target account, organizational unit, or the root from
|
8125
|
+
# a specified configuration. When you disassociate a configuration from
|
8126
|
+
# its target, the target inherits the configuration of the closest
|
8127
|
+
# parent. If there’s no configuration to inherit, the target retains its
|
8128
|
+
# settings but becomes a self-managed account. A target can be
|
8129
|
+
# disassociated from a configuration policy or self-managed behavior.
|
8130
|
+
# Only the Security Hub delegated administrator can invoke this
|
8131
|
+
# operation from the home Region.
|
8132
|
+
#
|
8133
|
+
# @option params [Types::Target] :target
|
8134
|
+
# The identifier of the target account, organizational unit, or the root
|
8135
|
+
# to disassociate from the specified configuration.
|
8136
|
+
#
|
8137
|
+
# @option params [required, String] :configuration_policy_identifier
|
8138
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
8139
|
+
# of the configuration policy.
|
8140
|
+
#
|
8141
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
8142
|
+
#
|
8143
|
+
#
|
8144
|
+
# @example Example: To disassociate a configuration from a target
|
8145
|
+
#
|
8146
|
+
# # This operation disassociates a configuration policy or self-managed behavior from the target account, organizational
|
8147
|
+
# # unit, or the root.
|
8148
|
+
#
|
8149
|
+
# resp = client.start_configuration_policy_disassociation({
|
8150
|
+
# configuration_policy_identifier: "SELF_MANAGED_SECURITY_HUB",
|
8151
|
+
# target: {
|
8152
|
+
# root_id: "r-f6g7h8i9j0example",
|
8153
|
+
# },
|
8154
|
+
# })
|
8155
|
+
#
|
8156
|
+
# @example Request syntax with placeholder values
|
8157
|
+
#
|
8158
|
+
# resp = client.start_configuration_policy_disassociation({
|
8159
|
+
# target: {
|
8160
|
+
# account_id: "NonEmptyString",
|
8161
|
+
# organizational_unit_id: "NonEmptyString",
|
8162
|
+
# root_id: "NonEmptyString",
|
8163
|
+
# },
|
8164
|
+
# configuration_policy_identifier: "NonEmptyString", # required
|
8165
|
+
# })
|
8166
|
+
#
|
8167
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StartConfigurationPolicyDisassociation AWS API Documentation
|
8168
|
+
#
|
8169
|
+
# @overload start_configuration_policy_disassociation(params = {})
|
8170
|
+
# @param [Hash] params ({})
|
8171
|
+
def start_configuration_policy_disassociation(params = {}, options = {})
|
8172
|
+
req = build_request(:start_configuration_policy_disassociation, params)
|
8173
|
+
req.send_request(options)
|
8174
|
+
end
|
8175
|
+
|
6948
8176
|
# Adds one or more tags to a resource.
|
6949
8177
|
#
|
6950
8178
|
# @option params [required, String] :resource_arn
|
@@ -7070,6 +8298,205 @@ module Aws::SecurityHub
|
|
7070
8298
|
req.send_request(options)
|
7071
8299
|
end
|
7072
8300
|
|
8301
|
+
# Updates a configuration policy. Only the Security Hub delegated
|
8302
|
+
# administrator can invoke this operation from the home Region.
|
8303
|
+
#
|
8304
|
+
# @option params [required, String] :identifier
|
8305
|
+
# The Amazon Resource Name (ARN) or universally unique identifier (UUID)
|
8306
|
+
# of the configuration policy.
|
8307
|
+
#
|
8308
|
+
# @option params [String] :name
|
8309
|
+
# The name of the configuration policy.
|
8310
|
+
#
|
8311
|
+
# @option params [String] :description
|
8312
|
+
# The description of the configuration policy.
|
8313
|
+
#
|
8314
|
+
# @option params [String] :updated_reason
|
8315
|
+
# The reason for updating the configuration policy.
|
8316
|
+
#
|
8317
|
+
# @option params [Types::Policy] :configuration_policy
|
8318
|
+
# An object that defines how Security Hub is configured. It includes
|
8319
|
+
# whether Security Hub is enabled or disabled, a list of enabled
|
8320
|
+
# security standards, a list of enabled or disabled security controls,
|
8321
|
+
# and a list of custom parameter values for specified controls. If you
|
8322
|
+
# provide a list of security controls that are enabled in the
|
8323
|
+
# configuration policy, Security Hub disables all other controls
|
8324
|
+
# (including newly released controls). If you provide a list of security
|
8325
|
+
# controls that are disabled in the configuration policy, Security Hub
|
8326
|
+
# enables all other controls (including newly released controls).
|
8327
|
+
#
|
8328
|
+
# When updating a configuration policy, provide a complete list of
|
8329
|
+
# standards that you want to enable and a complete list of controls that
|
8330
|
+
# you want to enable or disable. The updated configuration replaces the
|
8331
|
+
# current configuration.
|
8332
|
+
#
|
8333
|
+
# @return [Types::UpdateConfigurationPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
8334
|
+
#
|
8335
|
+
# * {Types::UpdateConfigurationPolicyResponse#arn #arn} => String
|
8336
|
+
# * {Types::UpdateConfigurationPolicyResponse#id #id} => String
|
8337
|
+
# * {Types::UpdateConfigurationPolicyResponse#name #name} => String
|
8338
|
+
# * {Types::UpdateConfigurationPolicyResponse#description #description} => String
|
8339
|
+
# * {Types::UpdateConfigurationPolicyResponse#updated_at #updated_at} => Time
|
8340
|
+
# * {Types::UpdateConfigurationPolicyResponse#created_at #created_at} => Time
|
8341
|
+
# * {Types::UpdateConfigurationPolicyResponse#configuration_policy #configuration_policy} => Types::Policy
|
8342
|
+
#
|
8343
|
+
#
|
8344
|
+
# @example Example: To update a configuration policy
|
8345
|
+
#
|
8346
|
+
# # This operation updates the specified configuration policy.
|
8347
|
+
#
|
8348
|
+
# resp = client.update_configuration_policy({
|
8349
|
+
# configuration_policy: {
|
8350
|
+
# security_hub: {
|
8351
|
+
# enabled_standard_identifiers: [
|
8352
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
8353
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
8354
|
+
# ],
|
8355
|
+
# security_controls_configuration: {
|
8356
|
+
# disabled_security_control_identifiers: [
|
8357
|
+
# "CloudWatch.1",
|
8358
|
+
# "CloudWatch.2",
|
8359
|
+
# ],
|
8360
|
+
# security_control_custom_parameters: [
|
8361
|
+
# {
|
8362
|
+
# parameters: {
|
8363
|
+
# "daysToExpiration" => {
|
8364
|
+
# value: {
|
8365
|
+
# integer: 21,
|
8366
|
+
# },
|
8367
|
+
# value_type: "CUSTOM",
|
8368
|
+
# },
|
8369
|
+
# },
|
8370
|
+
# security_control_id: "ACM.1",
|
8371
|
+
# },
|
8372
|
+
# ],
|
8373
|
+
# },
|
8374
|
+
# service_enabled: true,
|
8375
|
+
# },
|
8376
|
+
# },
|
8377
|
+
# description: "Updated configuration policy for testing FSBP and CIS",
|
8378
|
+
# identifier: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
8379
|
+
# name: "TestConfigurationPolicy",
|
8380
|
+
# updated_reason: "Enabling ACM.2",
|
8381
|
+
# })
|
8382
|
+
#
|
8383
|
+
# resp.to_h outputs the following:
|
8384
|
+
# {
|
8385
|
+
# arn: "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
8386
|
+
# configuration_policy: {
|
8387
|
+
# security_hub: {
|
8388
|
+
# enabled_standard_identifiers: [
|
8389
|
+
# "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
|
8390
|
+
# "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
|
8391
|
+
# ],
|
8392
|
+
# security_controls_configuration: {
|
8393
|
+
# disabled_security_control_identifiers: [
|
8394
|
+
# "CloudWatch.1",
|
8395
|
+
# "CloudWatch.2",
|
8396
|
+
# ],
|
8397
|
+
# security_control_custom_parameters: [
|
8398
|
+
# {
|
8399
|
+
# parameters: {
|
8400
|
+
# "daysToExpiration" => {
|
8401
|
+
# value: {
|
8402
|
+
# integer: 21,
|
8403
|
+
# },
|
8404
|
+
# value_type: "CUSTOM",
|
8405
|
+
# },
|
8406
|
+
# },
|
8407
|
+
# security_control_id: "ACM.1",
|
8408
|
+
# },
|
8409
|
+
# ],
|
8410
|
+
# },
|
8411
|
+
# service_enabled: true,
|
8412
|
+
# },
|
8413
|
+
# },
|
8414
|
+
# created_at: Time.parse("2023-01-11T06:17:17.154Z"),
|
8415
|
+
# description: "Updated configuration policy for testing FSBP and CIS",
|
8416
|
+
# id: "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
|
8417
|
+
# name: "TestConfigurationPolicy",
|
8418
|
+
# updated_at: Time.parse("2023-01-12T06:17:17.154Z"),
|
8419
|
+
# }
|
8420
|
+
#
|
8421
|
+
# @example Request syntax with placeholder values
|
8422
|
+
#
|
8423
|
+
# resp = client.update_configuration_policy({
|
8424
|
+
# identifier: "NonEmptyString", # required
|
8425
|
+
# name: "NonEmptyString",
|
8426
|
+
# description: "NonEmptyString",
|
8427
|
+
# updated_reason: "NonEmptyString",
|
8428
|
+
# configuration_policy: {
|
8429
|
+
# security_hub: {
|
8430
|
+
# service_enabled: false,
|
8431
|
+
# enabled_standard_identifiers: ["NonEmptyString"],
|
8432
|
+
# security_controls_configuration: {
|
8433
|
+
# enabled_security_control_identifiers: ["NonEmptyString"],
|
8434
|
+
# disabled_security_control_identifiers: ["NonEmptyString"],
|
8435
|
+
# security_control_custom_parameters: [
|
8436
|
+
# {
|
8437
|
+
# security_control_id: "NonEmptyString",
|
8438
|
+
# parameters: {
|
8439
|
+
# "NonEmptyString" => {
|
8440
|
+
# value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
|
8441
|
+
# value: {
|
8442
|
+
# integer: 1,
|
8443
|
+
# integer_list: [1],
|
8444
|
+
# double: 1.0,
|
8445
|
+
# string: "NonEmptyString",
|
8446
|
+
# string_list: ["NonEmptyString"],
|
8447
|
+
# boolean: false,
|
8448
|
+
# enum: "NonEmptyString",
|
8449
|
+
# enum_list: ["NonEmptyString"],
|
8450
|
+
# },
|
8451
|
+
# },
|
8452
|
+
# },
|
8453
|
+
# },
|
8454
|
+
# ],
|
8455
|
+
# },
|
8456
|
+
# },
|
8457
|
+
# },
|
8458
|
+
# })
|
8459
|
+
#
|
8460
|
+
# @example Response structure
|
8461
|
+
#
|
8462
|
+
# resp.arn #=> String
|
8463
|
+
# resp.id #=> String
|
8464
|
+
# resp.name #=> String
|
8465
|
+
# resp.description #=> String
|
8466
|
+
# resp.updated_at #=> Time
|
8467
|
+
# resp.created_at #=> Time
|
8468
|
+
# resp.configuration_policy.security_hub.service_enabled #=> Boolean
|
8469
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers #=> Array
|
8470
|
+
# resp.configuration_policy.security_hub.enabled_standard_identifiers[0] #=> String
|
8471
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers #=> Array
|
8472
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.enabled_security_control_identifiers[0] #=> String
|
8473
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers #=> Array
|
8474
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.disabled_security_control_identifiers[0] #=> String
|
8475
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters #=> Array
|
8476
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].security_control_id #=> String
|
8477
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters #=> Hash
|
8478
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value_type #=> String, one of "DEFAULT", "CUSTOM"
|
8479
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer #=> Integer
|
8480
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list #=> Array
|
8481
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.integer_list[0] #=> Integer
|
8482
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.double #=> Float
|
8483
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string #=> String
|
8484
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list #=> Array
|
8485
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.string_list[0] #=> String
|
8486
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.boolean #=> Boolean
|
8487
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum #=> String
|
8488
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list #=> Array
|
8489
|
+
# resp.configuration_policy.security_hub.security_controls_configuration.security_control_custom_parameters[0].parameters["NonEmptyString"].value.enum_list[0] #=> String
|
8490
|
+
#
|
8491
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateConfigurationPolicy AWS API Documentation
|
8492
|
+
#
|
8493
|
+
# @overload update_configuration_policy(params = {})
|
8494
|
+
# @param [Hash] params ({})
|
8495
|
+
def update_configuration_policy(params = {}, options = {})
|
8496
|
+
req = build_request(:update_configuration_policy, params)
|
8497
|
+
req.send_request(options)
|
8498
|
+
end
|
8499
|
+
|
7073
8500
|
# Updates the finding aggregation configuration. Used to update the
|
7074
8501
|
# Region linking mode and the list of included or excluded Regions. You
|
7075
8502
|
# cannot use `UpdateFindingAggregator` to change the aggregation Region.
|
@@ -7279,6 +8706,8 @@ module Aws::SecurityHub
|
|
7279
8706
|
# gte: 1.0,
|
7280
8707
|
# lte: 1.0,
|
7281
8708
|
# eq: 1.0,
|
8709
|
+
# gt: 1.0,
|
8710
|
+
# lt: 1.0,
|
7282
8711
|
# },
|
7283
8712
|
# ],
|
7284
8713
|
# severity_normalized: [
|
@@ -7286,6 +8715,8 @@ module Aws::SecurityHub
|
|
7286
8715
|
# gte: 1.0,
|
7287
8716
|
# lte: 1.0,
|
7288
8717
|
# eq: 1.0,
|
8718
|
+
# gt: 1.0,
|
8719
|
+
# lt: 1.0,
|
7289
8720
|
# },
|
7290
8721
|
# ],
|
7291
8722
|
# severity_label: [
|
@@ -7299,6 +8730,8 @@ module Aws::SecurityHub
|
|
7299
8730
|
# gte: 1.0,
|
7300
8731
|
# lte: 1.0,
|
7301
8732
|
# eq: 1.0,
|
8733
|
+
# gt: 1.0,
|
8734
|
+
# lt: 1.0,
|
7302
8735
|
# },
|
7303
8736
|
# ],
|
7304
8737
|
# criticality: [
|
@@ -7306,6 +8739,8 @@ module Aws::SecurityHub
|
|
7306
8739
|
# gte: 1.0,
|
7307
8740
|
# lte: 1.0,
|
7308
8741
|
# eq: 1.0,
|
8742
|
+
# gt: 1.0,
|
8743
|
+
# lt: 1.0,
|
7309
8744
|
# },
|
7310
8745
|
# ],
|
7311
8746
|
# title: [
|
@@ -7409,6 +8844,8 @@ module Aws::SecurityHub
|
|
7409
8844
|
# gte: 1.0,
|
7410
8845
|
# lte: 1.0,
|
7411
8846
|
# eq: 1.0,
|
8847
|
+
# gt: 1.0,
|
8848
|
+
# lt: 1.0,
|
7412
8849
|
# },
|
7413
8850
|
# ],
|
7414
8851
|
# network_source_domain: [
|
@@ -7438,6 +8875,8 @@ module Aws::SecurityHub
|
|
7438
8875
|
# gte: 1.0,
|
7439
8876
|
# lte: 1.0,
|
7440
8877
|
# eq: 1.0,
|
8878
|
+
# gt: 1.0,
|
8879
|
+
# lt: 1.0,
|
7441
8880
|
# },
|
7442
8881
|
# ],
|
7443
8882
|
# network_destination_domain: [
|
@@ -7463,6 +8902,8 @@ module Aws::SecurityHub
|
|
7463
8902
|
# gte: 1.0,
|
7464
8903
|
# lte: 1.0,
|
7465
8904
|
# eq: 1.0,
|
8905
|
+
# gt: 1.0,
|
8906
|
+
# lt: 1.0,
|
7466
8907
|
# },
|
7467
8908
|
# ],
|
7468
8909
|
# process_parent_pid: [
|
@@ -7470,6 +8911,8 @@ module Aws::SecurityHub
|
|
7470
8911
|
# gte: 1.0,
|
7471
8912
|
# lte: 1.0,
|
7472
8913
|
# eq: 1.0,
|
8914
|
+
# gt: 1.0,
|
8915
|
+
# lt: 1.0,
|
7473
8916
|
# },
|
7474
8917
|
# ],
|
7475
8918
|
# process_launched_at: [
|
@@ -7774,6 +9217,8 @@ module Aws::SecurityHub
|
|
7774
9217
|
# gte: 1.0,
|
7775
9218
|
# lte: 1.0,
|
7776
9219
|
# eq: 1.0,
|
9220
|
+
# gt: 1.0,
|
9221
|
+
# lt: 1.0,
|
7777
9222
|
# },
|
7778
9223
|
# ],
|
7779
9224
|
# finding_provider_fields_criticality: [
|
@@ -7781,6 +9226,8 @@ module Aws::SecurityHub
|
|
7781
9226
|
# gte: 1.0,
|
7782
9227
|
# lte: 1.0,
|
7783
9228
|
# eq: 1.0,
|
9229
|
+
# gt: 1.0,
|
9230
|
+
# lt: 1.0,
|
7784
9231
|
# },
|
7785
9232
|
# ],
|
7786
9233
|
# finding_provider_fields_related_findings_id: [
|
@@ -7830,6 +9277,48 @@ module Aws::SecurityHub
|
|
7830
9277
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
7831
9278
|
# },
|
7832
9279
|
# ],
|
9280
|
+
# vulnerabilities_exploit_available: [
|
9281
|
+
# {
|
9282
|
+
# value: "NonEmptyString",
|
9283
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
9284
|
+
# },
|
9285
|
+
# ],
|
9286
|
+
# vulnerabilities_fix_available: [
|
9287
|
+
# {
|
9288
|
+
# value: "NonEmptyString",
|
9289
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
9290
|
+
# },
|
9291
|
+
# ],
|
9292
|
+
# compliance_security_control_parameters_name: [
|
9293
|
+
# {
|
9294
|
+
# value: "NonEmptyString",
|
9295
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
9296
|
+
# },
|
9297
|
+
# ],
|
9298
|
+
# compliance_security_control_parameters_value: [
|
9299
|
+
# {
|
9300
|
+
# value: "NonEmptyString",
|
9301
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
9302
|
+
# },
|
9303
|
+
# ],
|
9304
|
+
# aws_account_name: [
|
9305
|
+
# {
|
9306
|
+
# value: "NonEmptyString",
|
9307
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
9308
|
+
# },
|
9309
|
+
# ],
|
9310
|
+
# resource_application_name: [
|
9311
|
+
# {
|
9312
|
+
# value: "NonEmptyString",
|
9313
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
9314
|
+
# },
|
9315
|
+
# ],
|
9316
|
+
# resource_application_arn: [
|
9317
|
+
# {
|
9318
|
+
# value: "NonEmptyString",
|
9319
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
9320
|
+
# },
|
9321
|
+
# ],
|
7833
9322
|
# },
|
7834
9323
|
# note: {
|
7835
9324
|
# text: "NonEmptyString", # required
|
@@ -7975,6 +9464,8 @@ module Aws::SecurityHub
|
|
7975
9464
|
# gte: 1.0,
|
7976
9465
|
# lte: 1.0,
|
7977
9466
|
# eq: 1.0,
|
9467
|
+
# gt: 1.0,
|
9468
|
+
# lt: 1.0,
|
7978
9469
|
# },
|
7979
9470
|
# ],
|
7980
9471
|
# severity_normalized: [
|
@@ -7982,6 +9473,8 @@ module Aws::SecurityHub
|
|
7982
9473
|
# gte: 1.0,
|
7983
9474
|
# lte: 1.0,
|
7984
9475
|
# eq: 1.0,
|
9476
|
+
# gt: 1.0,
|
9477
|
+
# lt: 1.0,
|
7985
9478
|
# },
|
7986
9479
|
# ],
|
7987
9480
|
# severity_label: [
|
@@ -7995,6 +9488,8 @@ module Aws::SecurityHub
|
|
7995
9488
|
# gte: 1.0,
|
7996
9489
|
# lte: 1.0,
|
7997
9490
|
# eq: 1.0,
|
9491
|
+
# gt: 1.0,
|
9492
|
+
# lt: 1.0,
|
7998
9493
|
# },
|
7999
9494
|
# ],
|
8000
9495
|
# criticality: [
|
@@ -8002,6 +9497,8 @@ module Aws::SecurityHub
|
|
8002
9497
|
# gte: 1.0,
|
8003
9498
|
# lte: 1.0,
|
8004
9499
|
# eq: 1.0,
|
9500
|
+
# gt: 1.0,
|
9501
|
+
# lt: 1.0,
|
8005
9502
|
# },
|
8006
9503
|
# ],
|
8007
9504
|
# title: [
|
@@ -8105,6 +9602,8 @@ module Aws::SecurityHub
|
|
8105
9602
|
# gte: 1.0,
|
8106
9603
|
# lte: 1.0,
|
8107
9604
|
# eq: 1.0,
|
9605
|
+
# gt: 1.0,
|
9606
|
+
# lt: 1.0,
|
8108
9607
|
# },
|
8109
9608
|
# ],
|
8110
9609
|
# network_source_domain: [
|
@@ -8134,6 +9633,8 @@ module Aws::SecurityHub
|
|
8134
9633
|
# gte: 1.0,
|
8135
9634
|
# lte: 1.0,
|
8136
9635
|
# eq: 1.0,
|
9636
|
+
# gt: 1.0,
|
9637
|
+
# lt: 1.0,
|
8137
9638
|
# },
|
8138
9639
|
# ],
|
8139
9640
|
# network_destination_domain: [
|
@@ -8159,6 +9660,8 @@ module Aws::SecurityHub
|
|
8159
9660
|
# gte: 1.0,
|
8160
9661
|
# lte: 1.0,
|
8161
9662
|
# eq: 1.0,
|
9663
|
+
# gt: 1.0,
|
9664
|
+
# lt: 1.0,
|
8162
9665
|
# },
|
8163
9666
|
# ],
|
8164
9667
|
# process_parent_pid: [
|
@@ -8166,6 +9669,8 @@ module Aws::SecurityHub
|
|
8166
9669
|
# gte: 1.0,
|
8167
9670
|
# lte: 1.0,
|
8168
9671
|
# eq: 1.0,
|
9672
|
+
# gt: 1.0,
|
9673
|
+
# lt: 1.0,
|
8169
9674
|
# },
|
8170
9675
|
# ],
|
8171
9676
|
# process_launched_at: [
|
@@ -8470,6 +9975,8 @@ module Aws::SecurityHub
|
|
8470
9975
|
# gte: 1.0,
|
8471
9976
|
# lte: 1.0,
|
8472
9977
|
# eq: 1.0,
|
9978
|
+
# gt: 1.0,
|
9979
|
+
# lt: 1.0,
|
8473
9980
|
# },
|
8474
9981
|
# ],
|
8475
9982
|
# finding_provider_fields_criticality: [
|
@@ -8477,6 +9984,8 @@ module Aws::SecurityHub
|
|
8477
9984
|
# gte: 1.0,
|
8478
9985
|
# lte: 1.0,
|
8479
9986
|
# eq: 1.0,
|
9987
|
+
# gt: 1.0,
|
9988
|
+
# lt: 1.0,
|
8480
9989
|
# },
|
8481
9990
|
# ],
|
8482
9991
|
# finding_provider_fields_related_findings_id: [
|
@@ -8526,6 +10035,48 @@ module Aws::SecurityHub
|
|
8526
10035
|
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
8527
10036
|
# },
|
8528
10037
|
# ],
|
10038
|
+
# vulnerabilities_exploit_available: [
|
10039
|
+
# {
|
10040
|
+
# value: "NonEmptyString",
|
10041
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
10042
|
+
# },
|
10043
|
+
# ],
|
10044
|
+
# vulnerabilities_fix_available: [
|
10045
|
+
# {
|
10046
|
+
# value: "NonEmptyString",
|
10047
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
10048
|
+
# },
|
10049
|
+
# ],
|
10050
|
+
# compliance_security_control_parameters_name: [
|
10051
|
+
# {
|
10052
|
+
# value: "NonEmptyString",
|
10053
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
10054
|
+
# },
|
10055
|
+
# ],
|
10056
|
+
# compliance_security_control_parameters_value: [
|
10057
|
+
# {
|
10058
|
+
# value: "NonEmptyString",
|
10059
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
10060
|
+
# },
|
10061
|
+
# ],
|
10062
|
+
# aws_account_name: [
|
10063
|
+
# {
|
10064
|
+
# value: "NonEmptyString",
|
10065
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
10066
|
+
# },
|
10067
|
+
# ],
|
10068
|
+
# resource_application_name: [
|
10069
|
+
# {
|
10070
|
+
# value: "NonEmptyString",
|
10071
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
10072
|
+
# },
|
10073
|
+
# ],
|
10074
|
+
# resource_application_arn: [
|
10075
|
+
# {
|
10076
|
+
# value: "NonEmptyString",
|
10077
|
+
# comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS, CONTAINS, NOT_CONTAINS
|
10078
|
+
# },
|
10079
|
+
# ],
|
8529
10080
|
# },
|
8530
10081
|
# group_by_attribute: "NonEmptyString",
|
8531
10082
|
# })
|
@@ -8539,44 +10090,63 @@ module Aws::SecurityHub
|
|
8539
10090
|
req.send_request(options)
|
8540
10091
|
end
|
8541
10092
|
|
8542
|
-
#
|
8543
|
-
#
|
10093
|
+
# Updates the configuration of your organization in Security Hub. Only
|
10094
|
+
# the Security Hub administrator account can invoke this operation.
|
8544
10095
|
#
|
8545
10096
|
# @option params [required, Boolean] :auto_enable
|
8546
|
-
# Whether to automatically enable Security Hub
|
8547
|
-
# organization.
|
10097
|
+
# Whether to automatically enable Security Hub in new member accounts
|
10098
|
+
# when they join the organization.
|
8548
10099
|
#
|
8549
|
-
#
|
8550
|
-
#
|
10100
|
+
# If set to `true`, then Security Hub is automatically enabled in new
|
10101
|
+
# accounts. If set to `false`, then Security Hub isn't enabled in new
|
10102
|
+
# accounts automatically. The default value is `false`.
|
8551
10103
|
#
|
8552
|
-
#
|
8553
|
-
# `
|
10104
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
10105
|
+
# then this field is set to `false` and can't be changed in the home
|
10106
|
+
# Region and linked Regions. However, in that case, the delegated
|
10107
|
+
# administrator can create a configuration policy in which Security Hub
|
10108
|
+
# is enabled and associate the policy with new organization accounts.
|
8554
10109
|
#
|
8555
10110
|
# @option params [String] :auto_enable_standards
|
8556
|
-
# Whether to automatically enable Security Hub [default standards][1]
|
8557
|
-
#
|
10111
|
+
# Whether to automatically enable Security Hub [default standards][1] in
|
10112
|
+
# new member accounts when they join the organization.
|
8558
10113
|
#
|
8559
|
-
#
|
8560
|
-
# accounts are automatically enabled with default Security Hub
|
8561
|
-
# standards.
|
10114
|
+
# The default value of this parameter is equal to `DEFAULT`.
|
8562
10115
|
#
|
8563
|
-
#
|
8564
|
-
#
|
10116
|
+
# If equal to `DEFAULT`, then Security Hub default standards are
|
10117
|
+
# automatically enabled for new member accounts. If equal to `NONE`,
|
10118
|
+
# then default standards are not automatically enabled for new member
|
10119
|
+
# accounts.
|
10120
|
+
#
|
10121
|
+
# If the `ConfigurationType` of your organization is set to `CENTRAL`,
|
10122
|
+
# then this field is set to `NONE` and can't be changed in the home
|
10123
|
+
# Region and linked Regions. However, in that case, the delegated
|
10124
|
+
# administrator can create a configuration policy in which specific
|
10125
|
+
# security standards are enabled and associate the policy with new
|
10126
|
+
# organization accounts.
|
8565
10127
|
#
|
8566
10128
|
#
|
8567
10129
|
#
|
8568
10130
|
# [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html
|
8569
10131
|
#
|
10132
|
+
# @option params [Types::OrganizationConfiguration] :organization_configuration
|
10133
|
+
# Provides information about the way an organization is configured in
|
10134
|
+
# Security Hub.
|
10135
|
+
#
|
8570
10136
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
8571
10137
|
#
|
8572
10138
|
#
|
8573
10139
|
# @example Example: To update organization configuration
|
8574
10140
|
#
|
8575
|
-
# #
|
8576
|
-
# #
|
10141
|
+
# # This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator
|
10142
|
+
# # account can invoke this operation.
|
8577
10143
|
#
|
8578
10144
|
# resp = client.update_organization_configuration({
|
8579
|
-
# auto_enable:
|
10145
|
+
# auto_enable: false,
|
10146
|
+
# auto_enable_standards: "NONE",
|
10147
|
+
# organization_configuration: {
|
10148
|
+
# configuration_type: "CENTRAL",
|
10149
|
+
# },
|
8580
10150
|
# })
|
8581
10151
|
#
|
8582
10152
|
# @example Request syntax with placeholder values
|
@@ -8584,6 +10154,11 @@ module Aws::SecurityHub
|
|
8584
10154
|
# resp = client.update_organization_configuration({
|
8585
10155
|
# auto_enable: false, # required
|
8586
10156
|
# auto_enable_standards: "NONE", # accepts NONE, DEFAULT
|
10157
|
+
# organization_configuration: {
|
10158
|
+
# configuration_type: "CENTRAL", # accepts CENTRAL, LOCAL
|
10159
|
+
# status: "PENDING", # accepts PENDING, ENABLED, FAILED
|
10160
|
+
# status_message: "NonEmptyString",
|
10161
|
+
# },
|
8587
10162
|
# })
|
8588
10163
|
#
|
8589
10164
|
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfiguration AWS API Documentation
|
@@ -8595,6 +10170,74 @@ module Aws::SecurityHub
|
|
8595
10170
|
req.send_request(options)
|
8596
10171
|
end
|
8597
10172
|
|
10173
|
+
# Updates the properties of a security control.
|
10174
|
+
#
|
10175
|
+
# @option params [required, String] :security_control_id
|
10176
|
+
# The Amazon Resource Name (ARN) or ID of the control to update.
|
10177
|
+
#
|
10178
|
+
# @option params [required, Hash<String,Types::ParameterConfiguration>] :parameters
|
10179
|
+
# An object that specifies which security control parameters to update.
|
10180
|
+
#
|
10181
|
+
# @option params [String] :last_update_reason
|
10182
|
+
# The most recent reason for updating the properties of the security
|
10183
|
+
# control. This field accepts alphanumeric characters in addition to
|
10184
|
+
# white spaces, dashes, and underscores.
|
10185
|
+
#
|
10186
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
10187
|
+
#
|
10188
|
+
#
|
10189
|
+
# @example Example: To update security control properties
|
10190
|
+
#
|
10191
|
+
# # The following example updates the specified security control. Specifically, this example updates control parameters.
|
10192
|
+
#
|
10193
|
+
# resp = client.update_security_control({
|
10194
|
+
# last_update_reason: "Comply with internal requirements",
|
10195
|
+
# parameters: {
|
10196
|
+
# "maxCredentialUsageAge" => {
|
10197
|
+
# value: {
|
10198
|
+
# integer: 15,
|
10199
|
+
# },
|
10200
|
+
# value_type: "CUSTOM",
|
10201
|
+
# },
|
10202
|
+
# },
|
10203
|
+
# security_control_id: "ACM.1",
|
10204
|
+
# })
|
10205
|
+
#
|
10206
|
+
# resp.to_h outputs the following:
|
10207
|
+
# {
|
10208
|
+
# }
|
10209
|
+
#
|
10210
|
+
# @example Request syntax with placeholder values
|
10211
|
+
#
|
10212
|
+
# resp = client.update_security_control({
|
10213
|
+
# security_control_id: "NonEmptyString", # required
|
10214
|
+
# parameters: { # required
|
10215
|
+
# "NonEmptyString" => {
|
10216
|
+
# value_type: "DEFAULT", # required, accepts DEFAULT, CUSTOM
|
10217
|
+
# value: {
|
10218
|
+
# integer: 1,
|
10219
|
+
# integer_list: [1],
|
10220
|
+
# double: 1.0,
|
10221
|
+
# string: "NonEmptyString",
|
10222
|
+
# string_list: ["NonEmptyString"],
|
10223
|
+
# boolean: false,
|
10224
|
+
# enum: "NonEmptyString",
|
10225
|
+
# enum_list: ["NonEmptyString"],
|
10226
|
+
# },
|
10227
|
+
# },
|
10228
|
+
# },
|
10229
|
+
# last_update_reason: "AlphaNumericNonEmptyString",
|
10230
|
+
# })
|
10231
|
+
#
|
10232
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControl AWS API Documentation
|
10233
|
+
#
|
10234
|
+
# @overload update_security_control(params = {})
|
10235
|
+
# @param [Hash] params ({})
|
10236
|
+
def update_security_control(params = {}, options = {})
|
10237
|
+
req = build_request(:update_security_control, params)
|
10238
|
+
req.send_request(options)
|
10239
|
+
end
|
10240
|
+
|
8598
10241
|
# Updates configuration options for Security Hub.
|
8599
10242
|
#
|
8600
10243
|
# @option params [Boolean] :auto_enable_controls
|
@@ -8703,7 +10346,7 @@ module Aws::SecurityHub
|
|
8703
10346
|
params: params,
|
8704
10347
|
config: config)
|
8705
10348
|
context[:gem_name] = 'aws-sdk-securityhub'
|
8706
|
-
context[:gem_version] = '1.
|
10349
|
+
context[:gem_version] = '1.97.0'
|
8707
10350
|
Seahorse::Client::Request.new(handlers, context)
|
8708
10351
|
end
|
8709
10352
|
|